Ready to check your compliance?
We'll reply within one business day.
By clicking the button, you consent to the processing of your personal data and agree to the Privacy Policy.
Free 2-minute check
How ready is your business for UAE data protection rules?
A quick self-assessment across UAE PDPL, DIFC and ADGM — see exactly where your gaps are.
Privacy Policy
Effective Date: 21.06.2026
Effective Date: 21.06.2026
1. Introduction
This Privacy Policy applies to anyone whose Personal Data is provided to us. It sets out how and why we collect, store, use and share your Personal Data. It also tells you about your privacy rights and how the law protects you. For suggestions, questions or concerns regarding this Privacy Policy or the processing of personal data, please contact:
[Company / DPO Name]
Email: [EMAIL]
Address: [ADDRESS]
As a provider of privacy, data protection, AI governance, and compliance advisory services, we recognize the importance of responsible data processing and transparency.
“We” or “us” means [Company Name]. [Company Name] that you deal with when providing your Personal Data will usually be the Controller in relation to the Processing of your Personal Data. It should be clear to you from your dealings with us which entity that is – if it is not, you can contact us for more information.
2. Applicable Laws
This Privacy Policy has been prepared with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).
3. How we collect Personal Data
We collect Personal Data from individuals or their authorised representatives. There are several ways in which we collect this data, including through:
4. Personal Data We Collect
Information You Provide Directly
We may collect personal data including your name, company name, job title, email address, telephone number, country of residence, information contained in enquiries, emails, forms, correspondence, consultations, meetings, and service delivery interactions.
When you visit our website, we may automatically collect information such as your IP address, browser type and version, device information, operating system, pages visited, referring website, date and time of access, and website interaction data.
We may also collect marketing and communication information, including newsletter subscription preferences, event registration information, communication preferences, and records of correspondence with us.
5. Purposes of Processing
We process personal data for the following purposes:
Service Delivery
We process personal data for the purpose of providing privacy, data protection, AI governance, compliance, and related advisory services. This includes responding to enquiries and requests, assessing client needs, preparing proposals, statements of work, and service agreements, delivering consulting, audit, training, and outsourced DPO services, managing client relationships and communications, conducting compliance assessments and reviews, supporting implementation projects, and providing ongoing advisory and professional support.
Website Use
We may use Personal Data which you provide to us or we collect from you to maintain and improve our website services as well as to develop new features to improve customer experience and support, authenticate users and send administrative messages. We may conduct data analysis, testing, and research and to monitor and analyse usage and activity trends.
Marketing Activities
We may process personal data to provide newsletters, legal and regulatory updates, articles, publications, event invitations, webinars, and other marketing communications relating to our services and areas of expertise. We may also use personal data to inform individuals about our services, events, training programs, and business developments, as well as to conduct surveys, market research, and client satisfaction assessments. Individuals may opt out of marketing communications at any time by following the unsubscribe instructions included in our communications or by contacting us directly.
Legal and Regulatory Compliance
We may process personal data to comply with applicable laws, regulations, professional obligations, and regulatory requirements; maintain records required by law; establish, exercise, or defend legal claims; respond to lawful requests, court orders, regulatory inquiries, or governmental investigations; cooperate with competent authorities; and protect our legal rights, business interests, personnel, clients, and operations.
Recruitment
As part of our recruitment activities, we collect and process personal data relating to applicants at various stages of the recruitment process. This may include personal details, contact information, CVs and resumes, employment history, qualifications, interview notes, assessment results, references, and other information relevant to evaluating a candidate's suitability for employment or engagement.
We process this information for the purposes of managing recruitment activities, assessing candidates, conducting interviews, verifying qualifications and experience, communicating with applicants, and taking steps prior to entering into an employment, consultancy, or contractor agreement.
Personal data collected during the recruitment process may be shared on a need-to-know basis with recruitment agencies, background screening providers, reference providers, visa and immigration service providers, medical service providers (where required), affiliated entities, and professional advisers, as well as governmental authorities where required by applicable law.
6. Lawful Basis for Processing Personal Data
We collect and process Personal Data only where it is relevant to and necessary for specified, explicit, and legitimate purposes identified at the time of collection.
Depending on the circumstances, we may process Personal Data on one or more of the following legal bases:
We do not generally seek to collect or process Special Categories of Personal Data unless such information is necessary for the provision of our services, recruitment activities, compliance with legal obligations, the establishment, exercise, or defence of legal claims, or where otherwise permitted or required by applicable law.
High-Risk Processing Activities
Where required by applicable law, we will assess processing activities that may present a high risk to the rights and freedoms of individuals and implement appropriate safeguards, including privacy impact assessments, risk mitigation measures, and governance controls.
Where artificial intelligence, machine learning, or automated tools are used to support our operations or professional services, appropriate human oversight, governance measures, and safeguards will be implemented to protect personal data and ensure responsible use of such technologies.
8. Sharing Personal Data
We may share Personal Data where necessary and appropriate with:
Where Personal Data is transferred outside the UAE or another jurisdiction in which it was collected, we will implement appropriate safeguards designed to protect Personal Data in accordance with applicable data protection laws, including contractual safeguards and other lawful transfer mechanisms where required.
9. Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including the provision of our services, management of client relationships, compliance with legal, regulatory, accounting, tax, and professional obligations, and the protection of our legitimate business interests.
Retention periods may vary depending on the nature of the Personal Data, the purpose of processing, applicable legal requirements, contractual obligations, and operational needs.
We may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, respond to complaints, resolve disputes, conduct investigations, comply with regulatory requirements, or where otherwise permitted or required by applicable law.
Personal Data processed on the basis of consent will generally be retained until the relevant purpose has been fulfilled or until consent is withdrawn, unless continued retention is required or permitted by law.
Where Personal Data is no longer required, we will take reasonable steps to securely delete, anonymize, or otherwise dispose of such information in accordance with our data retention and information governance practices.
10. Information Security
We maintain appropriate technical, organizational, and administrative safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, loss, misuse, destruction, or other unlawful processing.
Such measures may include, where appropriate:
While we implement reasonable and appropriate safeguards to protect Personal Data, no method of transmission over the Internet, electronic storage system, or security control can guarantee absolute security. Accordingly, we cannot guarantee that Personal Data will always remain completely secure from unauthorized access, disclosure, alteration, or destruction.
11. Your Rights
Subject to applicable law, you may have the right to:
We may request information necessary to verify your identity before responding to your request.
12. Cookies and Similar Technologies
Our website may use cookies and similar technologies to:
13. Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of third-party websites and encourage visitors to review their privacy notices.
14. Contact Us
For questions regarding this Privacy Policy or our processing of personal data, please contact:
[COMPANY NAME]
Email: [EMAIL]
Address: [ADDRESS]
Data Protection Contact: [DPO OR PRIVACY CONTACT]
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in applicable laws, regulatory requirements, industry standards, our business operations, services, technologies, or privacy practices.
Any updates will be published on this page together with the revised effective date. Where required by applicable law, we may also notify individuals of material changes through appropriate communication channels.
We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, disclose, and protect Personal Data.
This Privacy Policy applies to anyone whose Personal Data is provided to us. It sets out how and why we collect, store, use and share your Personal Data. It also tells you about your privacy rights and how the law protects you. For suggestions, questions or concerns regarding this Privacy Policy or the processing of personal data, please contact:
[Company / DPO Name]
Email: [EMAIL]
Address: [ADDRESS]
As a provider of privacy, data protection, AI governance, and compliance advisory services, we recognize the importance of responsible data processing and transparency.
“We” or “us” means [Company Name]. [Company Name] that you deal with when providing your Personal Data will usually be the Controller in relation to the Processing of your Personal Data. It should be clear to you from your dealings with us which entity that is – if it is not, you can contact us for more information.
2. Applicable Laws
This Privacy Policy has been prepared with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).
3. How we collect Personal Data
We collect Personal Data from individuals or their authorised representatives. There are several ways in which we collect this data, including through:
- email and telephone contact with us;
- web-based conference or video calls with us;
- onsite visits or other meetings that take place with us in person;
- use of our website, including applications, surveys, online forms and systems available on our website;
- other online applications we make available;
- in connection with recruitment or employment;
- correspondence and other documents (hand delivered or sent to us by post or courier);
- engagement with governments, regulators, official bodies, authorities and organisations;
- visitor sign-in at any of our offices;
- security cameras;
- Wi-Fi sign-in; and
- subscriptions (for example, alerts, media releases, consultation papers, discussion papers, publications, changes
4. Personal Data We Collect
Information You Provide Directly
We may collect personal data including your name, company name, job title, email address, telephone number, country of residence, information contained in enquiries, emails, forms, correspondence, consultations, meetings, and service delivery interactions.
When you visit our website, we may automatically collect information such as your IP address, browser type and version, device information, operating system, pages visited, referring website, date and time of access, and website interaction data.
We may also collect marketing and communication information, including newsletter subscription preferences, event registration information, communication preferences, and records of correspondence with us.
5. Purposes of Processing
We process personal data for the following purposes:
Service Delivery
We process personal data for the purpose of providing privacy, data protection, AI governance, compliance, and related advisory services. This includes responding to enquiries and requests, assessing client needs, preparing proposals, statements of work, and service agreements, delivering consulting, audit, training, and outsourced DPO services, managing client relationships and communications, conducting compliance assessments and reviews, supporting implementation projects, and providing ongoing advisory and professional support.
Website Use
We may use Personal Data which you provide to us or we collect from you to maintain and improve our website services as well as to develop new features to improve customer experience and support, authenticate users and send administrative messages. We may conduct data analysis, testing, and research and to monitor and analyse usage and activity trends.
Marketing Activities
We may process personal data to provide newsletters, legal and regulatory updates, articles, publications, event invitations, webinars, and other marketing communications relating to our services and areas of expertise. We may also use personal data to inform individuals about our services, events, training programs, and business developments, as well as to conduct surveys, market research, and client satisfaction assessments. Individuals may opt out of marketing communications at any time by following the unsubscribe instructions included in our communications or by contacting us directly.
Legal and Regulatory Compliance
We may process personal data to comply with applicable laws, regulations, professional obligations, and regulatory requirements; maintain records required by law; establish, exercise, or defend legal claims; respond to lawful requests, court orders, regulatory inquiries, or governmental investigations; cooperate with competent authorities; and protect our legal rights, business interests, personnel, clients, and operations.
Recruitment
As part of our recruitment activities, we collect and process personal data relating to applicants at various stages of the recruitment process. This may include personal details, contact information, CVs and resumes, employment history, qualifications, interview notes, assessment results, references, and other information relevant to evaluating a candidate's suitability for employment or engagement.
We process this information for the purposes of managing recruitment activities, assessing candidates, conducting interviews, verifying qualifications and experience, communicating with applicants, and taking steps prior to entering into an employment, consultancy, or contractor agreement.
Personal data collected during the recruitment process may be shared on a need-to-know basis with recruitment agencies, background screening providers, reference providers, visa and immigration service providers, medical service providers (where required), affiliated entities, and professional advisers, as well as governmental authorities where required by applicable law.
6. Lawful Basis for Processing Personal Data
We collect and process Personal Data only where it is relevant to and necessary for specified, explicit, and legitimate purposes identified at the time of collection.
Depending on the circumstances, we may process Personal Data on one or more of the following legal bases:
- where processing is necessary for the performance of a contract or for taking steps prior to entering into a contract;
- where processing is necessary for our legitimate business interests, including providing professional services, responding to enquiries, managing client relationships, operating and improving our business, ensuring information security, preventing fraud or misuse, and protecting our legal rights, provided that such interests do not override the rights and freedoms of individuals;
- where processing is necessary to comply with legal, regulatory, accounting, tax, professional, or other statutory obligations applicable to us;
- where an individual has provided consent for specific processing activities and such consent is required under applicable law;
- where processing is necessary for the establishment, exercise, or defence of legal claims;
- where processing is necessary to protect the rights, property, security, personnel, clients, business operations, or other legitimate interests of the Company.
We do not generally seek to collect or process Special Categories of Personal Data unless such information is necessary for the provision of our services, recruitment activities, compliance with legal obligations, the establishment, exercise, or defence of legal claims, or where otherwise permitted or required by applicable law.
High-Risk Processing Activities
Where required by applicable law, we will assess processing activities that may present a high risk to the rights and freedoms of individuals and implement appropriate safeguards, including privacy impact assessments, risk mitigation measures, and governance controls.
- Automated Decision-Making and Artificial Intelligence
Where artificial intelligence, machine learning, or automated tools are used to support our operations or professional services, appropriate human oversight, governance measures, and safeguards will be implemented to protect personal data and ensure responsible use of such technologies.
8. Sharing Personal Data
We may share Personal Data where necessary and appropriate with:
- our employees, contractors, affiliated entities, and authorized representatives on a need-to-know basis;
- professional advisers, including lawyers, auditors, accountants, insurers, consultants, and other professional service providers;
- IT, cloud hosting, cybersecurity, communications, analytics, and other technology service providers that support our operations and service delivery;
- recruitment agencies, background screening providers, and other service providers involved in recruitment and engagement activities;
- regulatory authorities, governmental bodies, courts, law enforcement agencies, or other competent authorities where required by law or to protect our legal rights;
- third parties involved in actual or potential legal claims, disputes, investigations, audits, or regulatory proceedings;
- business partners, subcontractors, or service providers where necessary to provide our services;
- third parties in aggregated, statistical, or anonymized form where such information cannot reasonably be used to identify an individual.
Where Personal Data is transferred outside the UAE or another jurisdiction in which it was collected, we will implement appropriate safeguards designed to protect Personal Data in accordance with applicable data protection laws, including contractual safeguards and other lawful transfer mechanisms where required.
9. Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including the provision of our services, management of client relationships, compliance with legal, regulatory, accounting, tax, and professional obligations, and the protection of our legitimate business interests.
Retention periods may vary depending on the nature of the Personal Data, the purpose of processing, applicable legal requirements, contractual obligations, and operational needs.
We may retain Personal Data for longer periods where necessary to establish, exercise, or defend legal claims, respond to complaints, resolve disputes, conduct investigations, comply with regulatory requirements, or where otherwise permitted or required by applicable law.
Personal Data processed on the basis of consent will generally be retained until the relevant purpose has been fulfilled or until consent is withdrawn, unless continued retention is required or permitted by law.
Where Personal Data is no longer required, we will take reasonable steps to securely delete, anonymize, or otherwise dispose of such information in accordance with our data retention and information governance practices.
10. Information Security
We maintain appropriate technical, organizational, and administrative safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, loss, misuse, destruction, or other unlawful processing.
Such measures may include, where appropriate:
- role-based access controls and least-privilege access principles;
- authentication and identity management controls;
- encryption of data in transit and at rest;
- secure cloud infrastructure and hosting environments;
- network and endpoint security measures;
- logging, monitoring, and cybersecurity incident detection capabilities;
- data backup, recovery, and business continuity measures;
- confidentiality obligations applicable to employees, contractors, and service providers;
- vendor due diligence and third-party risk management procedures;
- privacy and information security policies and procedures;
- employee awareness, privacy, cybersecurity, and AI governance training programs;
- periodic reviews and assessments of security controls and risks.
While we implement reasonable and appropriate safeguards to protect Personal Data, no method of transmission over the Internet, electronic storage system, or security control can guarantee absolute security. Accordingly, we cannot guarantee that Personal Data will always remain completely secure from unauthorized access, disclosure, alteration, or destruction.
11. Your Rights
Subject to applicable law, you may have the right to:
- be informed about how your Personal Data is collected and used;
- access the Personal Data we hold about you;
- request correction of inaccurate or incomplete Personal Data;
- request deletion of Personal Data in certain circumstances;
- request restriction of processing;
- object to certain processing activities, including direct marketing;
- withdraw consent where processing is based on consent;
- request portability of your Personal Data where applicable;
- object to decisions based solely on automated processing where such decisions produce legal or similarly significant effects;
- lodge a complaint with a competent supervisory authority.
We may request information necessary to verify your identity before responding to your request.
12. Cookies and Similar Technologies
Our website may use cookies and similar technologies to:
- ensure website functionality;
- analyse website traffic;
- improve user experience;
- understand visitor interactions.
13. Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of third-party websites and encourage visitors to review their privacy notices.
14. Contact Us
For questions regarding this Privacy Policy or our processing of personal data, please contact:
[COMPANY NAME]
Email: [EMAIL]
Address: [ADDRESS]
Data Protection Contact: [DPO OR PRIVACY CONTACT]
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in applicable laws, regulatory requirements, industry standards, our business operations, services, technologies, or privacy practices.
Any updates will be published on this page together with the revised effective date. Where required by applicable law, we may also notify individuals of material changes through appropriate communication channels.
We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, disclose, and protect Personal Data.
