Last updated on 24^th June 2024

A – ABOUT THIS POLICY

Purpose and scope

1. This section outlines our policy relating to any personal information you might wish to provide us when you visit our site. Your use of our website indicates your acceptance of our website Terms of Use and this Privacy Policy (“Policy”).
2. The purpose of this Policy is to provide information about:
3. the Personal Data that Ypsilon Capital (DIFC) Ltd (“Ypsilon DIFC“, “we”, “our” or “us“) collects;
4. how we process that Personal Data, including how we use and disclose it; and
5. your rights as an individual in respect of Personal Data we hold about you.
6. Our business is built on trust between our clients and ourselves. Unless legally compelled to disclose, we have a commitment to safeguard and keep confidential any information relating to our clients or their financial affairs. Whether it is provided to us in person, over the phone, or online, including while visiting this site, we will always strive to ensure that the information is kept confidential and secure.
7. We may pass information about you and your dealings with us to other entities within the Ypsilon Group or our agents to the extent allowed by law.
8. Ypsilon DIFC, our staff, and all third parties with permission to access your information are specifically required to observe our confidentiality obligations.
9. We will not collect any personal information that identifies a visitor to this website individually unless otherwise specified. Your visit to this website will record only the Domain Name Server part of your email address and of the pages visited. Such information will be used to prepare aggregate information about the number of visitors to the site and general statistics on usage patterns.
10. Some of this information will be gathered using ‘cookies’. Cookies are small pieces of information that are automatically stored on a person’s web browser in their computer that can be retrieved by this website. We use cookies exclusively for remembering basic user information, such as IP address and other personal preference settings. This type of cookie is categorised as a “functional cookie.” We do not build a profile of users but rather, they enable our website to remember a visitor’s user preferences solely for website functionality purposes.
11. For visitors to the website, the data provided and collected is subject to the Dubai International Financial Centre (“DIFC”) Data Protection Law, DIFC Law No. 5 of 2020 and the DIFC Data Protection Regulations (the “DP Law & Regulations”).
12. For visitors that sign up as client or user of a platform operated by Ypsilon DIFC, any Personal Data provided to us will be subject to the data protection laws and regulations applicable to us in the jurisdiction(s) in which we operate (“DP Law & Regulations”). This Policy applies to all Personal Data and Special Categories of Personal Data collected by us.
13. “Personal Data” is any information referring to an identified or identifiable natural, living person.
14. “Special Categories of Personal Data” is Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations, or opinions, religious or philosophical beliefs, criminal record, trade-union membership, and health or sex life and including genetic data, and biometric data where it is used for the purpose of uniquely identifying a natural person.
15. DP Law & Regulations regulate how data controllers may collect, use, store and disclose Personal Data, and give individuals certain rights in respect of Personal Data held about them. This policy sets out how we comply with our obligations under the DP Law & Regulations, and how individuals may exercise their rights under that legislation, including the right to access Personal Data held about them.
16. The DP Law & Regulations are located on the relevant government or regulatory website within the jurisdictions in which we operate. For example, in the Dubai International Financial Centre the DIFC DP Law & Regulations can be found on difc.ae.

Confidentiality

1. Personal Data held by us will often be confidential information that we received from a client while providing financial services. Further information on how we protect, uses and discloses such confidential information can be found in the relevant client terms of business and/or client agreement applicable to the services provided.

Outline of this policy

1. “Section A” is a brief outline of this Policy, including its purpose and scope.
2. “Section B” sets out our Personal Data collection and processing practices and contact details for our Data Protection Officer.
3. “Section C” sets out your rights as a data subject, including how to contact us to exercise your rights or make a complaint about how we process your Personal Data. This section also explains certain circumstances where you may not be able to exercise your rights.

B – OUR PERSONAL DATA COLLECTION AND PROCESSING PRACTICES

Lawful basis for data collection and processing

1. We collect Personal Data only where it is relevant to and necessary for specified, explicit and legitimate purposes determined at the time of its collection.
2. Generally, we process Personal Data for one or more of the following reasons:
3. for the provision of financial services that you, or an organisation associated with you (for example, your employer), has requested;
4. for the provision of material that you have requested (for example, updates to our website, marketing material, research, newsletters, media alerts, etc.)’
5. in fulfilment of our regulatory obligations imposed upon us by laws, regulations, or rules (for example, DP Law & Regulations, anti-money laundering (know your customer) regulations, etc.);
6. for the performance of a task carried out by us at the request of a supervisory or regulatory authority;
7. for the performance of a contract to which an individual is a party or to take steps at the request of an individual before entering such contract;
8. where processing is necessary for us to comply with laws that we are subject to;
9. in certain circumstances, we may rely upon your consent for specific purposes in accordance with the relevant DP Law & Regulations; and
10. for our legitimate interests, which include: making sure our client accounts are operational; delivering, developing and improving our products and services; business growth and marketing strategies; legal and compliance reasons, such as AML, fraud and criminal activity checks; record keeping and keeping our regulatory records up-to-date; improving our website and applications from a security perspective; enforcing or applying our terms or other agreements with you, including recovering securities, fees or other debts and obligations due to us; and giving you information about our products and services that you may be interested in and, in the case of electronic marketing, where we have your permission to do so.
11. If we collect Personal Data while providing financial services to you and that Personal Data is relevant to providing you financial services from another Ypsilon Group entity, we will, in general, use or share that Personal Data for that other purpose and vice versa.
12. We may ask for Special Categories of Personal Data from you to satisfy our Know Your Customer obligations pertaining to anti-money laundering regulations or financial services rules concerning suitability.
13. DP Law & Regulations identify certain Personal Data processing which leads to a high risk to the rights and freedoms of individuals by virtue of the nature, scope, context, and purposes of the processing of their Personal Data and imposes specific requirements concerning such activities. We do not undertake any of the high-risk processing activities as described in DP Law & Regulations.
14. We do not engage in automated decision-making when processing Personal Data.
15. We do not collect, use, or process Personal Data for direct unsolicited marketing purposes.

How we collect Personal Data

1. We collect Personal Data about individuals either directly or indirectly (for example, from their employer, power-of-attorney, an authorised representative, public sources, etc.). There are several ways in which we may collect this data, including through:
2. email and telephone contact with us;
3. video calls or other meetings that take place with us in person;
4. applications, surveys, online forms, and systems available on our website;
5. through your registration on an Ypsilon Group electronic platform;
6. correspondence and other documents (whether electronic or physical);
7. publicly available information (for example, public directories, media, social media, internet, news articles etc.);
8. professional screening programs and facilities such as ComplyAdvantage;
9. third party goods or services providers;
10. recruitment service providers
11. Our front-of-house reception sign-in;
12. Our office security cameras;
13. Our guest Wi-Fi; and
14. Any Ypsilon DIFC subscriptions (for example, updates to our website, marketing material, research, newsletters, media alerts, etc.).
15. If you contact us, we will keep at least an electronic or digital record of the correspondence, including Personal Data shared at that time.
16. In some circumstances we may collect Personal Data about individuals from third parties, for example when:
17. onboarding a client for the provision of financial services;
18. preparing or receiving reports or documents that relate to the provision of financial services;
19. carrying out credit checks, we may obtain Personal Data from credit bureaus or credit reference agencies to assess creditworthiness and make financing decisions;
20. processing payments we may receive Personal Data from third-party payment processors, such as banks, PayPal, or Stripe;
21. receiving information from or co-operating with other governmental, regulatory or law enforcement agencies or public bodies;
22. receiving other documents (such as subscription forms or applications that contain Personal Data); and
23. recruiting our employees and contractors or service providers.
24. Collecting Personal Data from third parties: Where we collect your Personal Data from third parties, we do so on the legal bases set out in paragraphs 12 and 13 of this policy.

Where we store your Data

1. We are headquartered in the Dubai International Financial Services (DIFC) in the United Arab Emirates (UAE). We may transfer your Personal Data within the UAE and to other countries where we (or other Ypsilon Group entities) or our service providers maintain operations.
2. When we do this, we will ensure the data is subject to an appropriate level of protection and that the transfer is lawful. This includes relying on adequacy decisions issued by the relevant data protection authority and using standard contractual clauses for transfers of Personal Data. You can obtain more details of the protection given to your information when it is transferred by contacting us using the details below.

Sharing Personal Data with third parties

1. We may share your Personal Data across the Ypsilon Group of entities. We may also disclose your Personal Data to third parties. These third parties may include service providers; agents; subcontractors; regulators; official bodies; cloud service providers; hosting, email, and content providers; regulated financial institutions, such as banks and brokers; professional services firms such a lawyers, auditors, consultants and accountants; and other service providers who we engage from time to time.
2. When we pass Personal Data to third parties, we only disclose to them those aspects of Personal Data that we are legally bound, or that is necessary for them to provide their service and we have contracts in place that require them to keep your Personal Data confidential and secure, only use it for the stated purpose and subject to compliance with applicable laws. The obligations of confidentiality imposed on Ypsilon DIFC also apply to such persons who come into possession of any confidential information.
3. In most cases, the DP Laws & Regulations and our policies allow us to share information without the consent of the individual to whom the Personal Data relates. Where we are required to obtain such consent, we ensure that we obtain adequate consent from the relevant individual in accordance with the relevant DP Laws & Regulations. In other cases, we may be compelled to disclose Personal Data due to a mandatory legal obligation or by order of a court or other adjudicatory body or tribunal of competent jurisdiction.

Data access, rectification, and erasure

1. You and your representatives (for example, your employer, power-of-attorney, etc.) are responsible for the accuracy, completeness, correctness, and relevance of Personal Data provided to us.
2. The relevant DP Laws & Regulations allows you to seek access to the Personal Data we hold about you, and, in certain circumstances, to seek to rectify inaccurate or incomplete data, or, to require the erasure of your Personal Data.
3. Unless certain conditions or exemptions apply, and we will inform when they do, we will respond to your request to access, rectify or erase your Personal Data within one month of receiving your request provided we have received sufficient evidence from you that reasonably establishes your identity as the individual making the request.
4. Please keep in mind that:
5. if your request is complex or you make numerous requests, we may need to increase the period for complying with your request;
6. in certain circumstances, it may not be feasible for us to rectify or erase Personal Data for technical reasons; and
7. we may refuse to comply with a request we consider manifestly unfounded or excessive, in which event (as applicable) we will respond in accordance with the relevant DP Laws & Regulations and notify you of our reasons.
8. Otherwise, we may be entitled to refuse your request to access, rectify or erase your Personal Data in circumstances where we have relied upon the general exemption set out in the relevant DP Laws & Regulations. For further information, please refer to Section C – Rights of Data Subjects.

Storage and security of Personal Data

1. We store Personal Data in electronic, digital and paper format.
2. We take all reasonable steps to secure the Personal Data we hold against unauthorised access, use, modification or disclosure, accidental loss and against other inappropriate alteration or misuse. These steps include:
3. controlled, secure and restricted access to our physical premises and IT systems;
4. implementing technical and operational measures to secure Personal Data;
5. establishing and implementing policies for securing Personal Data;
6. applying password protection, data authentication, encryption, and access privileges to our IT systems;
7. implementing specific IT software and systems to detect and protect against viruses or other harmful programs or computer code;
8. securing paper format information in locked cabinets;
9. limiting employee access to Personal Data to the extent that it is necessary to carry out their responsibilities;
10. conducting integrity checks on employees;
11. including confidentiality and data protection obligations in our contracts with contractors, services providers, consultants, experts, agents, and employees;
12. implementing measures for the proper and secure disposal of Personal Data; and
13. imposing clear desk and clear screen procedures.
14. We seek to adopt commercially reasonable security measures to assist in protecting against the loss, misuse, and alteration of personally identifiable information which is under our control. Unfortunately, no security system, or system of transmitting data over the internet, can ever be guaranteed to be 100% secure. As a result of the foregoing, while we undertake commercially reasonable efforts to protect your personally identifiable information, we cannot guarantee the security of our servers, how information is transmitted between your computer and our servers, or any information provided to us or to any third party through or in connection with our website. You provide all such information entirely at your own risk.
15. When your Personal Data is no longer required, it will be securely and permanently deleted, anonymised, pseudonymised, securely encrypted or otherwise put beyond further use in accordance with our data retention policy, unless it is needed to establish or defend legal claims, or we are required by law to retain it.

How long do we keep your Data

1. We do not keep your Personal Data for any period longer than is necessary for the purpose for which your Personal Data was collected, processed, required by law or where we may need it for our legitimate purposes such as maintaining records for analysis or audit purposes, regulatory purposes, responding to queries or complaints, monitoring fraud, defending or taking legal action and responding to requests from regulators.
2. If you opt out from receiving marketing or other communications or object to any other processing of your Personal Data, we may keep a record of your objection to ensure that we continue to respect your wishes and do not contact you further.

Notification of Personal Data breaches

1. If a Personal Data breach occurs and the Personal Data that we hold about you is subject to unauthorised access, loss, use or destruction, we will respond in accordance with the relevant DP Laws & Regulations.
2. We will notify you of any Personal Data breach in respect of your Personal Data which is likely to result in a high risk to your security or rights as soon as is practicable in the circumstances, or, where there is an immediate risk of damage to you, promptly. Where a direct communication to you will involve disproportionate effort, we may instead inform you via a public communication or other similar measures that are equally effective.

Media and publications

1. Where our website or publications include photographs of identifiable individuals, we ensure that we obtain an express and specific permission from those individuals.
2. If our website features any film taken in a public place, we ensure that the footage only captures individuals in the background. For all other forms of video recording, we obtain express and specific permission from everyone who appears in our films, which includes individuals participating in conferences and webinars.

Use of our website, cookies, subscriptions and technology

1. When someone visits our website, we may use a third-party service, for example, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns for statistical purposes. This information is processed in a way that does not identify any individual.
2. We use functional cookies exclusively for remembering a visitor or registered user’s preferred language setting when visiting our website. We do not use cookies to identify or build a profile of any individual.
3. When you subscribe for information (for example, updates to our website, marketing material, research, newsletters, media alerts, etc.), by providing your email address and subscription preferences, you consent to us processing that information to provide you with the updates you have requested. You can unsubscribe or modify your subscription for updates to our website here: notices@ydifc.ae.

Employees, contractors, and service providers

1. We collect and process Personal Data, including Special Categories of Personal Data, for the purposes of assessing an individual’s suitability for employment within Ypsilon DIFC, and engaging, managing and supporting our employees.
2. We will also collect and process Personal Data when engaging contractors, service providers, consultants and experts. This will be limited to the specific purposes for engaging such persons, including to undertake appropriate due diligence before any appointment, for administration purposes and during the performance of the specific contract.
3. There may also be circumstances where we collect and process Personal Data concerning employees, contractors and service providers to obtain security clearances, manage conflicts of interest or to fulfil our regulatory obligations.

Our Data Protection Officer

1. As a responsible financial institution, we have elected to appoint a Data Protection Officer who monitors our compliance with the relevant DP Laws & Regulations and our internal policies relating to Personal Data, advises us on our data assessment and other data protection obligations, and acts as our contact point for regulators and official bodies and agents such as a Data Protection Commissioner.
2. If you have any questions or requests, please email our Data Protection Officer at: dpo@ydifc.ae or by writing to:

Ypsilon Capital (DIFC) Ltd

Level 6, Office 3

Gate District Precinct Building 4, DIFC, Dubai, UAE

Changes to this policy

1. We review this policy regularly and may update it from time to time without prior notice. The most recent version of this policy is available on our website ypsilondifc.ae and the date of the ‘last update’ is stated at the top of the first page.

C – RIGHTS OF DATA SUBJECTS

Your rights

1. Under the relevant DP Laws & Regulation, you have rights as an individual, which you can exercise in respect of the Personal Data we hold about you. For example, you can exercise the following rights:
2. The right to be provided with specified information about the processing of your Personal Data (‘The Right to be Informed’).
3. The right to access your Personal Data and certain supplementary information (‘The Right of Access’).
4. The right to have your Personal Data rectified if it is inaccurate or incomplete (‘The Right of Rectification’).
5. The right to have, in certain circumstances, your Personal Data deleted or removed (‘The Right of Erasure’).
6. The right, in certain circumstances, to restrict the processing of your Personal Data (‘The Right to Restrict Processing’).
7. The right, in certain circumstances, to move Personal Data you have provided to us to another organisation (‘The Right of Data Portability’).
8. The right, in certain circumstances, to object to the processing of your Personal Data and, potentially, require us to stop processing that data (‘The Right to Object’).
9. In the event processing of your Personal Data is based on your consent, the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal (‘The Right to Withdraw Consent’).

How to exercise your rights

1. If you wish to find out what Personal Data, if any, we hold about you, or if you wish to exercise other rights in respect of your Personal Data, you can contact our Data Protection Officer by email: dpo@ydifc.ae or at the address mentioned above at paragraph 56.

1. To enable us to process your request promptly, we will need you to provide us with certain information about yourself including:
2. first name;
3. last name;
4. any other names that you may have been known by (including nicknames and previous surnames);
5. home address;
6. date of birth;
7. telephone number; and
8. email address

Data rectification and erasure

1. In certain circumstances, there may be technical reasons why it is not feasible for us to rectify or erase Personal Data when you ask us to do so. For example, it may not be possible to erase data from our information technology systems, or certain records may be incapable of amendment once entered in the system, or it is not possible to remove a single record from our backups, or deleting a backup or manipulating the files therein will create problems for the integrity of our backup system as a whole, or deleting an individual’s data without deleting the whole file or record where the information is contained is not possible.
2. If for any reason, we are unable to act in response to a request for erasure or rectification, we will provide a written explanation to you and inform you of your rights and details of how to complain to the relevant Data Protection Commissioner and to seek a judicial remedy. Circumstances where we may be unable to rectify or erase Personal Data include:
3. for technical reasons;
4. for the establishment, exercise, or defence of legal claims;
5. to comply with applicable laws or legal obligations to which the DFSA is subject; or
6. an official or legal inquiry, investigation or procedure or prosecution;

Making a complaint

1. If you believe we have breached any DP Laws & Regulations, you can make a complaint to our Data Protection Officer here: dpo@ydifc.ae or make a complaint directly to the relevant Data Protection Commissioner whose contact can be found on the relevant government or regulatory website, or we can provide them to you.

General

• The following terms and conditions stated in this legal disclaimer and terms of use (the “Legal Disclaimer”) govern the use of the Ypsilon Capital (DIFC) Ltd (“Ypsilon DIFC”, “we”, “us” or “our”) website (“this website”).
• By accessing this website, you accept and agree to the terms and conditions of the Legal Disclaimer.
• We expressly reserve the right to make changes to this Legal Disclaimer, this website, and its contents. Changes to the Legal Disclaimer are effective immediately upon posting of the amended text, content or other information on this website.
• The Legal Disclaimer and any obligations arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre (“DIFC”). Any dispute arising out of or in connection with this Legal Disclaimer shall be subject to the exclusive jurisdiction of the Courts of the DIFC.

Copyright

• Ypsilon DIFC maintain this website to provide direct access to its information, documents, data, and materials (the “Material”) to those who choose to access and use this website. We maintain this website for general information purposes only.
• Unless otherwise expressly stated, we own the copyright and any other rights, titles, and interests in and to the Material.
• You may print and download extracts from this website subject to compliance with the following conditions:

(a) The Material on this website is only for personal use or for use within an individual company or organisation; any Material that you copy, reproduce or save may (subject to the exception in sub-paragraph (d) below) only be – used for personal viewing purposes or for viewing within the company or organisation by which they were copied, reproduced or saved;

(b) any extracts which are printed may only be used for personal viewing or for viewing within the company or organisation by which they were printed (subject to the exception in sub-paragraph (d) below);

(c) neither pages saved or stored, nor extracts printed, may (subject to the exception in sub-paragraph (d) below) be distributed to third parties or the public whether for profit or otherwise;

(d) the only permitted exception to the general conditions stated in sub-paragraphs (a) to (c) above is where extracts (of no more than a few relevant provisions) are copied to individual third parties for purposes of advising. Ypsilon DIFC’s name and/or any of its copyright symbols must appear on any copyrighted Material copied, reproduced, saved, printed or otherwise distributed from this website.

• You must not reproduce or store in any form whatsoever any Material in this website on any other website or include it in any public or private electronic retrieval system or service, without our prior written consent. To apply for consent, please write to notices@ydifc.ae
• You must not use the name or trademarks or logo or graphics of Ypsilon DIFC in any advertisement or public announcement or any form of information or documents or records or communication (whether verbal or written or electronic or otherwise) without our prior written consent. To apply for consent, please write to notices@ydifc.ae.
• Subject to paragraph 7, if any Material is reproduced (whether in whole or in part and whether on paper or electronically or otherwise), you must ensure that any document, communication or publication or other format in which the Material is displayed does not:

(a) in any way imply that we are endorsing the document or publication or communication or other format in which the Material is displayed;

(b) present false or misleading information concerning Ypsilon DIFC;

(c) contain content that could be construed as distasteful, misleading, offensive, controversial or against the public interest; or

(d) infringe any intellectual property or other rights of any person or otherwise contravene any applicable law or regulation.

Any rights not expressly granted in this Legal Disclaimer are reserved in full by us.

Disclaimer

• The solutions presented in this website are the collective services offered by the Ypsilon Group. The services offered by each entity within the Ypsilon Group will be according to their respective terms of business. For details of services and regulatory status, please visit the webpage of the relevant entity.
• Unless otherwise indicated, the Material contained in this website is for general information purposes only. While we endeavour to keep the contents and Material correct and up to date, we make no representations or warranties whatsoever of any kind, whether express or implied, about:

(a) the completeness, accuracy, reliability, contemporaneity, suitability, or availability with respect to the contents of this website, including but not limited to the Material contained on this website;

(b) the non-infringement, title, merchantability or fitness for any particular purpose of the contents of this website, including but not limited to the Material contained on this website; or

(c) that the contents available through this website or any functions associated with this website will be uninterrupted or error-free or that defects will be corrected or that this website and its server is and will be free of all viruses or other harmful elements.

Any reliance you place on such contents and Material is therefore strictly at your own risk.

• We do not accept any liability nor can be held responsible for any damages, costs, loss or claims of any kind, whether under contract or tort or otherwise, including without limitation, any indirect or consequential damages of any kind or loss of business or profits howsoever caused and whether as a result of, or in connection with (directly or indirectly):

(a) the use of this website, its contents, or the Materials;

(b) reliance on the contents of this website or the Materials;

(c) any error or omission or defect in the contents or Materials on this website;

(d) any action, inaction or decision taken as a result of or in connection with the use of this website or any information on this website; or

(e) any functions associated with this website or any viruses or other harmful elements.

• The official language of this website is English. We may translate our website into other languages using Google Translate. Google Translate is a third-party service provided by Google that performs all translations directly and dynamically. By detecting patterns in documents that have already been translated by human translators, Google Translate can make intelligent guesses as to what an appropriate translation should be. This process of seeking patterns in large amounts of text is called “statistical machine translation”. Since the translations are generated by machines, not all translation will be perfect. The more human-translated documents that Google Translate can analyse in a specific language, the better the translation quality will be. Translation accuracy will therefore vary across languages.
• We may provide the Google Translate option to assist you in reading the website in languages other than English. For these translations, reasonable efforts have been made to provide an accurate translation, however, no automated translation is perfect nor is it intended to replace human translators. These translations (as with the contents and Material on this website) are provided on an “as is” basis. No warranty of any kind, either expressed or implied, is made by us as to the accuracy, reliability or correctness of any of these translations made from English into any other language. Some content (such as images, videos, Flash, etc.) may not be accurately translated due to the limitations of the translation software.
• Any discrepancies or differences created in translating the content on this website from English into another language are not binding and have no legal effect for compliance, enforcement, or for any other purpose. If any questions arise related to the accuracy of the information contained in these translations, please refer to the English version of the website.
• This website may contain information provided by third parties. Unless otherwise indicated, these third parties are solely responsible for ensuring that the information they submit to us is accurate, complete, and current and complies with all applicable laws and regulations. We are not responsible on any basis whatsoever for any information provided by third parties or for its verification and will not verify any such information. We reserve the right to omit, suspend, remove or edit any third-party information on this website.
• This website provides general information only and it is not intended, nor it is to be relied upon on any basis whatsoever, as any form of legal, financial, tax or other professional advice. You should consult appropriate professional advisers if you require financial or other advice. You should not rely upon any information or Material provided on this website as a basis for making any business, legal or any other decisions.
• Access to this website may be suspended temporarily or permanently and without notice.

Links in this website to other websites

• This website may offer links, such as hyperlinks or buttons, directing access to third party websites, which enable you to leave this website. We do not control or monitor these linked websites and shall not be responsible for any materials, information or content posted on these linked websites. We are not responsible for the availability of any linked website or any changes or updates to any linked website or any functions associated with any linked website, or any viruses or other harmful elements associated, resulting from or connected to any linked website.
• Unless otherwise indicated, the inclusion of any third party linked website on this website does not imply any relationship or association between Ypsilon DIFC and the owner of the linked website or any endorsement, sponsorship or approval by us of the linked website or its contents. We provide links to third party websites solely for your convenience and on a non-reliance basis at your full risk. You are solely responsible for your access to any linked website. You shall use your own judgment, caution and common sense in using any linked website and should check the privacy policy and terms of use for each linked website. We do not accept any responsibility or liability whatsoever for any policy or terms of use for any linked website.
• Third party linked websites may use web measurement tools, customisation technologies and cookies. We are not responsible for the privacy practices or the content of other websites, and, unless otherwise indicated, we do not use, share or maintain personal information that is collected by other websites.

Other websites links to this website

• Except as set out below, links and caching to, and the framing of this website or any of its contents are prohibited.
• Unless otherwise agreed, the linking of any third-party websites to this website is permitted only where the link provided is to the Ypsilon DIFC homepage. Please note, we reserve the right to disable any link to our homepage where we consider the link to be inappropriate.
• Your linking to this website constitutes acceptance of this Legal Disclaimer, including any changes or modifications thereto. If you do not accept this Legal Disclaimer, you must discontinue linking to this website and any of its contents.
• Unless stated on this website, in no circumstances shall Ypsilon DIFC be associated or affiliated in any manner whatsoever with any trade or service marks, logos, insignia or other devices used or appearing on websites that link to this website or any of the contents of this website.
• Ypsilon DIFC disclaims any responsibility for the content available on any other website reached by links to or from this website or any of the contents of this website.

Cookies

• We use cookies exclusively for remembering a user’s preferred language setting so that when a user revisits our website, the website will appear in the language that the user selected on their earlier visit. This type of cookie is categorised as a “functional cookie.” Cookies do not build a profile of individuals but rather, they enable our website to remember the user’s language preference solely for website functionality purposes.

Google Analytics

• We may use Google Analytics as a web analytics tool to obtain statistical reports on our website traffic. The statistical reports that we obtain from Google Analytics contain data that is anonymised and aggregated and does not personally identify visitors to our website.

Ypsilon Capital (DIFC) is committed to the highest standards of integrity and regulatory compliance. Our Whistleblowing Policy provides a secure and confidential framework for reporting concerns about wrongdoing, misconduct, or regulatory breaches. A summary of the Policy follows:

Our Commitment

We are committed to the highest standards of integrity and transparency. If you see something wrong — such as fraud, misconduct, or a breach of our policies — we want you to feel safe speaking up.

What Can You Report?

You can report any concerns about:

• Fraud or financial crime
• Breaches of laws, regulations, or company policies
• Health and safety risks
• Misconduct or mismanagement
• Attempts to conceal any of the above

Your Protection

• Your identity will be kept confidential wherever possible
• We strictly prohibit retaliation against anyone who reports a concern in good faith. We actively monitor to ensure whistleblowers do not suffer any detriment

How to Report

You can report concerns confidentially or anonymously through any of these channels:

• Phone / SMS: +971 (0)52 799 2154
• Email: compliance@ydifc.com
• Internal Auditor: hassan.damerji@crowe.ae
• DFSA: whistle@dfsa.ae

Reports can be made anonymously. We guarantee confidentiality and enforce strict non-retaliation measures.

What Happens Next

• We confirm receipt of your report
• We follow a structured process:

1. Secure evidence and maintain confidentiality
2. Interview relevant personnel
3. Escalate serious matters to senior management and the Board

• We keep you informed where appropriate and take corrective action

Independent Oversight

If your report involves senior management or compliance staff, an independent external reviewer will oversee the investigation.

Regular Review

Our whistleblowing arrangements are reviewed by our Internal Auditor and external experts to ensure effectiveness and compliance with DFSA requirements.

(1) Scope

1. Ypsilon Capital (DIFC) Ltd (“Ypsilon”) shall when executing transactions on your behalf comply with this Execution & Order Policy (the “Policy”) and you consent to such Policy as it is amended and updated from time to time. The prevailing version of the Policy is always available at www.ydifc.com.
2. When executing orders for a Client, Ypsilon is generally required to take reasonable care to determine the best overall price available under the prevailing market conditions and then to deal at a price which is no less advantageous to that Client. This is referred to as Best Execution.
3. Subject to the laws and regulations of the Dubai International Financial Centre (“DIFC”) and the Rules of the Dubai Financial Services Authority (“DFSA”), this Policy does not apply with respect to any Transaction which Ypsilon undertakes with a Market Counterparty, or is an Execution-only Transaction (to the extent that Ypsilon is following the Client’s specific instruction(s)), or when Best-Execution is waived by the Client.

(2) Execution Factors

1. In considering how the best possible result for the Client’s order might be achieved, Ypsilon shall take several factors into account, including price, direct costs and indirect costs, speed, likelihood of execution and settlement arrangements, size, nature of the order, or any other considerations relevant to the execution of the order.
2. In determining the relative importance of these factors, Ypsilon shall use its own commercial experience and judgment, together with the size and nature of the order, the characteristics of the financial instruments to which the order relates, as well as the possible execution venues to which that order can be directed.
3. In general, Ypsilon shall regard price as the most important of these factors for obtaining the best possible result. However, there may from time to time be circumstances for some Clients, particular instruments or markets, where other factors may be deemed to have a higher priority.
4. To the extent permitted by applicable law and regulations, Ypsilon may, but shall be under no obligation to, aggregate orders for the purchase or sale of the same security where we consider that such aggregation is unlikely to work to the overall disadvantage of any client whose orders are to be aggregated.

(3) Execution Venues

1. In establishing this Policy, Ypsilon has identified a variety of different execution venues and entities that it intends to use, as it considers that these enable it to obtain the best possible results on a consistent basis when executing orders on behalf of Clients.
2. Ypsilon may transmit orders to another entity for execution, or it may be the execution venue and act on a ‘matched principal’ or agency basis.
3. Financial instruments which are not traded on an exchange, including but not limited to foreign exchange transactions and contracts for difference (CFDs) shall be executed exclusively via a bilateral transaction with Ypsilon.

(4) Exceptions to the duty of Best Execution

1. In addition to the exceptions in 1.3 above, where the Client places orders through an order routing or direct market access platform, such orders are excluded from this Policy as the Client takes direct responsibility for its order’s execution.
2. Where a Client requests a quote and negotiates a price with Ypsilon (i.e. dealing on a request for quote or RFQ basis) and where there are reasons to believe that the Client is not legitimately relying on Ypsilon to act on its behalf in protecting his interests, Ypsilon shall not be considered as executing a Client’s order, and as such, Best Execution will not apply.
3. Where Ypsilon is provided with specific instructions in relation to the execution of an order, Ypsilon shall execute the order in accordance with those specific instructions which may prevent it from taking the steps set out in this Policy to obtain the best result in respect of those elements covered by those instructions.
4. The above exceptions to this Policy apply even where, as part of its general relationship with the Client, Ypsilon communicates trade ideas, relevant market opportunities or indicative prices to the Client.

(5) Trade Contract/Confirmation Notes

1. Ypsilon shall monitor and/or voice record any or all orders given to Ypsilon by telephone.
2. Where Ypsilon is dealing on behalf of the Client as agent or matched principal, the trade contract/confirmation note sent to the Client shall be deemed a final proof of execution of the Client's order.
3. Where Ypsilon, acting as an introducing broker, is arranging a deal on behalf of the Client to be executed by a third party financial institution and where the Client’s account is held by the third party financial institution, Ypsilon shall request the said third party financial institution to send directly the trade contract/confirmation note to the Client.

(6) Order Monitoring

1. Ypsilon shall act in accordance with this Policy on a best-efforts basis, in order to achieve the best outcome for the Client. Nevertheless, Ypsilon cannot guarantee that every Client order will be executed at the best posted price, particularly in cases such as, but not limited to, system delays or failures.
2. Ypsilon shall keep its order execution arrangements under review, including the quality of third party execution venues. Such reviews shall enable Ypsilon to identify and implement changes to its policy and execution arrangements as necessary.

At Ypsilon Capital (DIFC), we value feedback and are committed to resolving complaints fairly, promptly, and transparently. Complaints help us improve and uphold the highest standards of service. Here’s a summary of our Complaints Handling Policy:

Our Commitment

We aim to handle all complaints professionally and consistently. If you’re unhappy with any aspect of our service, we want to hear from you so we can put things right.

What Counts as a Complaint?

A complaint is any oral or written expression of dissatisfaction from a client about the provision of, or failure to provide, a financial service.

How to Complain

You can raise a complaint through any of these channels:

• Email: compliance@ydifc.com
• Phone: +971 (0)52 799 2154
• In Writing: Ypsilon Capital (DIFC) Ltd, Office 3, Level 6, Gate District Precinct Buidling 4, DIFC, Dubai, UAE

How We Handle Complaints

• Acknowledgment: We confirm receipt of your complaint within 3 business days.
• Investigation: A qualified person, independent of the matter, investigates your complaint.
• Response: Within 21 days, we explain our findings and any action we propose to take.
• Escalation: If you remain dissatisfied, we will inform you of your right to escalate the matter to the regulator or an independent dispute resolution body.

Redress

Redress means any corrective action we take to resolve your complaint. This may include:

• An apology
• Remedial steps
• Financial compensation

Your Protection

• All complaints are handled confidentially.
• We maintain a complete record of the investigation and supporting evidence for 6 years.
• Our staff receive annual training to ensure complaints are managed properly.

What Happens Next

• We acknowledge your complaint
• Investigate thoroughly
• Keep you informed throughout
• Take corrective action where necessary

Ypsilon Capital (DIFC) Ltd is committed to acting with independence, fairness, and transparency at all times. This overview of our internal Conflicts of Interest Policy explains how we identify, prevent, and manage situations where competing interests could affect — or appear to affect — the way we provide services. It is designed to give clients and the public confidence in our governance and the integrity of our decision‑making.

Our Commitment

We put clients’ interests first and take active steps to ensure our judgement is never compromised. We maintain policies, systems, and controls to identify, prevent, and manage conflicts of interest across all areas of our business, including between:

• One client and another
• Us and a client
• Us and an employee
• Different business areas within our company

What Is a Conflict of Interest?

A conflict of interest is a situation where competing personal, professional, or business interests could influence — or appear to influence — how we act.

Conflicts may be:

• Actual: happening now
• Potential: could arise based on circumstances
• Perceived: may appear to exist even if no conflict actually does

These situations can affect clients, employees, and us if not properly managed.

Examples of Conflicts That May Arise

Below are examples of conflicts drawn directly from our internal policy. These are not exhaustive but illustrate the types of situations we actively monitor and address.

1. Conflicts Between Clients

Conflicts may arise when we act for multiple clients whose interests differ. Examples include:

• Allocation or pricing of securities or investment opportunities, where one client could be favoured over another.
• Acting for clients on opposing sides of the same transaction, creating a direct conflict of interest.
• Fee structures that differ between clients in the same transaction or service without an objective basis.

We have controls to ensure all clients are treated fairly and that no client is given preferential treatment.

2. Conflicts Between the Firm and a Client

These occur where our own interests may diverge from a client’s interests. Examples include:

• Receiving or paying inducements, such as monetary or non‑monetary benefits, that could influence how we provide services.
• We or our Related Parties holding financial interests in a client or a party involved in a client’s transaction.
• Situations where our compensation from one client is significantly higher than for another client in the same transaction.
• Using confidential or inside information inappropriately, or where possession of such information could advantage us or another client.

Where needed and permitted, we disclose conflicts to clients or decline to act.

3. Conflicts Between Ypsilon and Employees

These occur when employees have personal interests that could interfere with their duties. Examples include:

• Personal financial interests that conflict with a client’s or our interests.
• Close personal relationships with clients, vendors, or colleagues that could influence decision‑making or create the perception of preferential treatment.
• Outside business activities or directorships that impair an employee’s independence or objectivity.
• Employee personal trading that conflicts with client transactions or the our activities.

All employees are required to disclose conflicts immediately so they can be properly assessed and managed.

How We Prevent and Manage Conflicts

We use a range of measures to ensure conflicts are identified early and managed effectively, including:

• Clear organisational segregation between business and control functions
• Information barriers (Chinese Walls) to protect confidential and inside information
• Independent reviews of transactions, allocations, and pricing
• Disclosure to clients, where appropriate and permitted
• Declining to act if a conflict cannot be managed to an acceptable standard
• A Conflicts Register maintained by Compliance
• Ongoing monitoring by Compliance and regular Board oversight

These controls aim to ensure decisions are taken independently, objectively, and in clients’ best interests.

How Conflicts Are Handled Step‑by‑Step

When a conflict is identified, we follow a structured process:

A) Identify

Employees must report any actual or potential conflict to our Compliance Officer immediately.

B) Assess & Manage

We determine the best approach, which may include:

• Information barriers
• Adjusting how a service is delivered
• Disclosures to clients
• Recusal of employees from certain decisions
• Declining the engagement if necessary

C) Record

All conflicts and mitigation steps are documented in the Conflicts Register.

 D) Monitor & Review

Compliance monitors conflicts as part of the Firm’s Compliance Monitoring Programme. Periodic reports are provided to the Board.

Your Protection as a Client

Our controls aim to ensure clients are:

• Treated fairly and consistently
• Protected from adverse impacts of internal or external conflicts
• Informed where a conflict must be disclosed
• Served independently, objectively, and without bias

If a conflict cannot be fully and effectively managed, we will decline to act.

Raising Concerns

If you believe a conflict has not been properly managed, concerns may be raised through the channels provided in our Whistleblowing Policy, which ensures confidentiality and protection from retaliation.