Privacy Policy

Identity & Professional Information

Full name, date of birth, nationality, passport or national ID number, business registration details, company name, legal structure, registered address, and Ultimate Beneficial Owner (UBO) information as required for KYC/KYB compliance.

Contact Information

Email address, phone number, business address, and communication preferences.

Financial Information

Bank account details for transaction verification purposes, payment card information processed through PCI-DSS compliant third-party processors (Stripe), and trade finance instrument references. We do not store full card numbers on our servers.

Platform Usage Data

IP address, browser type, device identifiers, pages visited, time spent on platform, search queries, and interaction logs for security and service improvement purposes.

Transaction Data

Deal protocols, mandate records, service requests, arbitration case data, and engagement records created within the platform.

Platform Services

To provide, maintain, and improve the Sovereign Nexus portal, including member verification, deal facilitation, arbitration services, and partner directory management.

KYC/KYB Compliance

To conduct identity verification, Anti-Money Laundering (AML) screening, and Know Your Business (KYB) checks as required under Bahrain law and international trade compliance standards.

Communications

To send transactional emails, service notifications, arbitration updates, and platform announcements. We do not send unsolicited marketing communications without consent.

Security & Fraud Prevention

To detect, investigate, and prevent fraudulent activity, unauthorised access, and violations of our Terms of Service.

Legal Obligations

To comply with applicable laws, regulations, court orders, and requests from competent authorities in the Kingdom of Bahrain and other jurisdictions where we operate.

Service Partners

When you submit a service request to a partner organisation, we share relevant professional details with that partner to facilitate the engagement. Partners are contractually bound to confidentiality obligations.

Third-Party Processors

We engage vetted third-party service providers including Supabase (database infrastructure), Stripe (payment processing), Resend (transactional email), and OpenAI (AI advisory features). Each processor is subject to data processing agreements.

Regulatory Authorities

We may disclose information to the Central Bank of Bahrain (CBB), Financial Intelligence Directorate (FID), or other competent authorities when required by law, court order, or for AML/CTF reporting obligations.

No Sale of Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes. Your data is used exclusively to provide and improve our services.

Active Members

We retain your data for the duration of your membership and for a minimum of 7 years following termination, as required under Bahrain Commercial Law and AML regulations.

Transaction Records

Deal protocols, arbitration records, and financial transaction logs are retained for 10 years in compliance with applicable financial regulations.

Deletion Requests

Where legally permissible, you may request deletion of your personal data by contacting us. Requests will be processed within 30 days, subject to legal retention obligations.

Technical Measures

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorised personnel via multi-factor authentication.

Infrastructure

Platform data is hosted on Supabase infrastructure with Row Level Security (RLS) policies ensuring strict access control. Payment data is processed exclusively through Stripe's PCI-DSS Level 1 certified systems.

Incident Response

In the event of a data breach affecting your personal information, we will notify affected members within 72 hours of discovery, in accordance with applicable data protection laws.

Access

You have the right to request a copy of the personal data we hold about you.

Correction

You may request correction of inaccurate or incomplete personal data through your profile settings or by contacting us.

Portability

You may request your data in a structured, machine-readable format where technically feasible.

Objection

You may object to processing of your personal data for direct marketing purposes at any time.

Withdrawal of Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Essential Cookies

We use strictly necessary cookies for authentication, session management, and security. These cannot be disabled.

Analytics

We may use privacy-respecting analytics to understand platform usage patterns. No personal identifiers are shared with analytics providers.

Third-Party Cookies

Stripe may set cookies on our payment pages for fraud prevention. These are governed by Stripe's own Privacy Policy.

Cross-Border Processing

Your data may be processed in jurisdictions outside Bahrain, including the United States and European Union, by our third-party processors. All such transfers are subject to appropriate safeguards including Standard Contractual Clauses (SCCs) or equivalent mechanisms.

Notification

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent platform notification at least 14 days before taking effect. Continued use of the platform constitutes acceptance of the updated policy.

Data Controller

The Trade Council, Kingdom of Bahrain.

Privacy Enquiries

For privacy-related requests, questions, or complaints, contact our Data Protection Officer at: privacy@thetradecouncil.global

Response Time

We commit to responding to all privacy enquiries within 15 business days.