United Arab Emirates
PDPL · DIFC · ADGM- How we handle data
- We operate in line with the UAE PDPL and the DIFC/ADGM regimes that apply in the free zones.
Data protection & security
Your clients’ data, protected properly.
Two parts: how we handle your clients’ data in line with each market’s expectations, and the concrete safeguards Valnex applies — from encryption and access control to NDAs and India-side delivery controls.
The principle
Trust is the product. Security is how we earn it.
When you hand a Valnex team your clients’ financial records, you’re extending your own duty of confidentiality across a border. We treat that as the core of the engagement, not an afterthought — with controls in place before any data moves and a posture mapped to each market’s rules.
At a glance
- Encryption in transit and at rest
- Role-based access with MFA
- Confidentiality agreements & NDAs
- Secure file transfer, not email
- Controls before any data moves
By market
Aligned to each market’s expectations
We’re aware of and operate in line with the data-protection expectations in each market we serve. How we handle personal data in detail is set out in our Privacy Policy.
United Kingdom
UK GDPR · DPA 2018- How we handle data
- We operate in line with UK GDPR and the Data Protection Act 2018.
Canada
PIPEDA · Law 25 · BC PIPA- How we handle data
- We operate in line with PIPEDA, Quebec’s Law 25 and British Columbia’s PIPA.
United States
GLBA · CCPA / CPRA- How we handle data
- We operate in line with US expectations — GLBA for financial data and state laws such as CCPA/CPRA.
Australia
Privacy Act 1988 · APPs- How we handle data
- We operate in line with the Privacy Act 1988 and the Australian Privacy Principles.
New Zealand
Privacy Act 2020 · IPPs- How we handle data
- We operate in line with New Zealand’s Privacy Act 2020 and the Information Privacy Principles.
Our safeguards
What we do on our side
Concrete controls, applied consistently across every engagement and every delivery seat.
Encryption everywhere
Data is encrypted in transit and at rest, so information is protected both while it moves and while it’s stored.
Access controls & MFA
Least-privilege access by role, enforced with multi-factor authentication. People can reach only what their work requires.
Confidentiality & NDAs
Every engagement — and every team member — is covered by confidentiality agreements and NDAs.
Secure file transfer
Source documents and deliverables move through controlled, secure channels — never loose, unencrypted email.
Controlled delivery environment
Our India delivery centre runs access-controlled workstations with restrictions on removable media, printing and unmanaged devices.
Vetted, trained people
Staff are screened on joining and complete recurring data-protection and security-awareness training.
Jurisdiction-aware response
A documented breach-response process, with notification support aligned to the regime your clients sit under.
Data minimisation
We take only the data a task needs, retain it only as long as required, and return or dispose of it under your instructions.
Our information-security practices are aligned to ISO 27001 principles and applied consistently across every engagement and every delivery seat.
Let’s talk
Your data, handled like it’s ours to protect.
Have a due-diligence question, or want to understand our controls in detail? Talk to us — we’ll walk you through exactly how your clients’ data is secured.