This group-level privacy notice explains how Retu Global and its licensed entities collect, use, share, and protect personal data — and the rights you have over your data.
Where you are a client of a specific Retu Global licensed entity, the entity-level privacy notice provided to you at account opening — governed by the data protection law of that entity’s jurisdiction — applies in addition to this group-level notice. Where the two conflict, the entity-level notice prevails.
Retu Global operates through six licensed entities. Each entity is the data controller for personal data collected from its own clients and prospects, in accordance with the data protection law of its jurisdiction (including but not limited to GDPR for EU/EEA data subjects, POPIA for South African data subjects, and analogous frameworks elsewhere). Group-level processing is performed under intra-group data sharing arrangements.
Depending on your interactions with us, we may collect:
We process personal data on the following legal bases (terminology varies by jurisdiction):
We may share your personal data with: other Retu Global group entities (under intra-group data sharing arrangements), licensed counterparties (banks, custodians, payment service providers), regulators and statutory authorities (where legally required), and our professional advisers (auditors, legal counsel, compliance consultants — bound by confidentiality). We do not sell personal data.
Personal data may be transferred between Retu Global entities across jurisdictions for group operational purposes. Where required by applicable law (including GDPR Article 44+), we use Standard Contractual Clauses or other approved transfer mechanisms. Specific transfer safeguards applicable to your data are available on request.
We retain personal data for the period required by applicable regulatory record-keeping obligations — typically the longer of your relationship with us plus a statutory tail period (commonly 5 to 10 years post account closure, depending on jurisdiction). Some categories of data (e.g., marketing data) may be retained for shorter periods.
Subject to applicable law, you have rights to: access your personal data, request correction of inaccurate data, request erasure (subject to regulatory retention obligations), object to certain processing, withdraw consent (where processing is based on consent), data portability (where applicable), and lodge a complaint with the relevant supervisory authority. To exercise any of these rights, contact us at the address below.
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, and unlawful processing. Security measures include encryption in transit and at rest, access controls, audit logging, and regular security testing. No system is impenetrable; we treat data security as a continuous discipline.
For questions about this privacy notice or to exercise your data rights, write to contact@retuglobal.com. For matters specific to a particular Retu Global entity, please indicate which entity holds your relationship and your enquiry will be routed accordingly. Response within applicable statutory timeframes.
We may update this notice periodically. Material changes will be notified via the channels through which we ordinarily communicate with you (email or in-platform notice). The current version is dated as shown at the top of this page.
For information on cookies and similar tracking technologies, see our cookie policy.