Logo
Direct • Honest • Safe

Data Protection & Cybersecurity

At DHS Exchange, protecting client data and assets is a top priority. We follow a Direct, Honest, Safe approach, ensuring confidentiality, integrity, and resilience of information in compliance with the Dubai Virtual Assets Regulatory Authority (VARA) and the UAE's Federal Decree Law No. 2 of 2019 (DPL).

VARA Compliant
UAE DPL Aligned
24/7 Monitored
Protection
Encryption
Monitoring

Data Protection Principles

DHS Exchange applies the following principles to all personal and transactional data

Data Minimization

We collect only what is necessary to operate and comply with regulatory obligations.

Consent

Clients must provide informed consent before data is stored or processed.

Purpose Limitation

Data is used strictly for regulatory, operational, and security purposes.

Transparency

Clients are informed about what data is collected, how it is used, and retention periods.

Data Security Measures

Comprehensive protection for all client information

  • Encryption: Sensitive information is encrypted both in transit and at rest.
  • Backups: Critical data is securely backed up and tested regularly for recovery.
  • Access Control: Internal access to data is strictly limited on a need-to-know basis.
  • Vendor Compliance: All third-party providers are evaluated for regulatory and security compliance.
Data Retention & Storage Limitation

Compliance with UAE and VARA regulations

  • Data is retained only for the duration required by law (AML/CTF obligations, VARA rules).
  • Retention follows Federal Decree Law No. 2 of 2019 (DPL): limited to specific purposes and disclosed to clients.
  • Different categories of data (identity, financial, transactional) follow separate retention policies.

Cybersecurity Framework

24/7 Monitoring

Systems are monitored continuously for fraud and anomalies.

Incident Response

DHS maintains protocols for immediate detection, escalation, and response to breaches.

Resilience Testing

Regular penetration tests and audits are performed by independent experts.

Asset Segregation

Client assets are stored with Hextrust in segregated custodial accounts.

Client Rights

Your data, your rights

  • Clients may request information on their stored data.
  • Clients have the right to request corrections or, where legally possible, deletion of their personal data.
  • DHS Exchange ensures that no client data is shared with unauthorized third parties.
Transparency Commitment

Open and honest communication

  • Privacy notices and data protection policies are updated regularly.
  • Any material changes to our cybersecurity or data protection practices will be disclosed to clients in advance.
Regular policy updates and notifications

To view and download DHS latest Privacy Policy click here: