Privacy Policy

1. Introduction
Gentium Incentives ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and safeguard personal information in compliance with the Bahrain Personal Data Protection Law (PDPL).

2. Data Controller Information
For the purposes of the PDPL, the Data Controller is:

Entity Name: Gentium Advisers WLL

Address: 4254,Building 2004, Road 1527, Block 115, Hidd, Kinngdom of Bahrain

Contact Email: contact@gentiumadvisers.com

3. Personal Data We Collect
We collect information necessary to manage incentive programs, mitigate financial risk, and fulfill rewards. This includes:

Identity Data: Full name, date of birth, and government-issued ID (CPR/Passport) where required for high-value rewards.

Contact Data: Email address, phone number, and physical mailing address.

Financial Data: Bank account details or wallet addresses for incentive disbursements.

Transaction Data: Details about the qualifying purchase or action that triggered the incentive.

Technical Data: IP address and browser type collected via our platform to prevent fraud.

4. Legal Basis for Processing
Under Article 4 of the Bahrain PDPL, we process your data based on:

Contractual Necessity: To deliver the incentive/reward you have earned.

Legal Obligation: To comply with Bahraini tax, AML (Anti-Money Laundering), and accounting laws.

Legitimate Interests: To prevent fraud and manage the financial risks associated with over-redemption.

Consent: Where you have explicitly opted-in to receive marketing communications.

5. Data Transfer Outside of Bahrain
As a global service, your data may be transferred to our centers in the UK or other jurisdictions. In accordance with Article 12 and 13 of the PDPL:

We only transfer data to countries recognized by the Bahrain Ministry of Justice as having "Adequate Protection."

For transfers to other countries, we utilize Standard Contractual Clauses (SCCs) or obtain your explicit consent.

6. Your Rights as a Data Subject
The Bahrain PDPL grants you specific rights:

Right to Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You can request that we correct inaccurate or incomplete data.

Right to Erasure (Right to be Forgotten): You may request the deletion of your data when it is no longer needed for the original purpose (subject to legal retention requirements).

Right to Object: You have the right to object to processing for direct marketing or where processing causes "unwarranted substantial damage."

Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

7. Data Security
We implement robust technical and organizational measures to protect your data from unauthorized access, loss, or alteration. As an incentive risk manager, we use encrypted channels for all financial transmissions and maintain a strictly controlled "need-to-know" access policy for employee data access.

8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements (typically 5–10 years under Bahraini commercial law).

9. Complaints
If you believe your rights under the PDPL have been violated, you have the right to lodge a complaint with the Bahrain Personal Data Protection Authority (PDPA).