Last Updated: September, 2023
This Privacy Policy is designed to protect the privacy, secrecy, safety, unity, and integrity of our clients’ personal data in accordance with the best international standards and practices.
The provisions of this Privacy Policy shall apply to the processing of personal data, whether totally or partially, through automatically operated electronic systems or other means about:
• visitors to our website (hereafter, the “Site”);
• contact persons for our clients and/or prospective clients;
• contact persons for suppliers of goods and services to the Firm;
• any other individuals about whom the Firm obtains Personal Data.
We ensure your personal data is kept securely and protected from any breach, infringement, illegal or unauthorized processing. This Privacy Policy establishes technical and organizational measures and procedures in accordance with the latest data protection legislation and laws of the United Arab Emirates and Dubai Silicon Oasis Authority.
• Definitions
As used in this Privacy Policy, the following terms shall have the following meanings:
The Company: MDC Business Advisors - FZCO (“we,” “us,” or “our”) – a company, including any of its representatives or employees, which provides business and legal consulting services for natural persons and entities (the “professional services”).
Client: any existing or potential client of the Company– a natural person or an entity.
Personal Data: any data which relates to an identified or identifiable natural person, or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, address, telephone number, email ID, passport details, identification number, etc.
The Data Subject: any Client who is a natural person, or any representative, beneficial owner, or employee of a Client who is an entity, or any other natural person, whose Personal Data is provided by performing any of the following actions:
• contacting the Company using contact details found on this website or obtained from other sources,
• entering into an agreement on providing any range of professional services by the Company,
• performing other actions which lead to disclosure of Personal Data.
Processing: any operation or set of operations which is performed on Personal Data using any electronic means. This process includes collection, storage, recording, organization, adaptation, alteration, circulation, modification, retrieval, exchange, sharing, use, or classification or disclosure of Personal Data by transmission, dissemination, distribution, or otherwise making it available, or aligning, combining, restricting, blocking, erasing, or destroying Personal Data or creating models thereof.
Automated Processing: processing that is carried out using an electronic program or system that is automatically operated, either completely independently without any human intervention, or partially independently with limited human supervision and intervention.
Cookies: small amounts of data that are stored on your browser, device, or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website.
Purposes of Personal Data processing
The Company may process or ensure of processing of Personal Data for the following purposes:
• for the provision of professional services, including any professional advice given by the Company prior to the respective agreement;
• for effective client relationship management and coordination of interactions with Clients;
• to improve and develop the provision of services by the Company in order to ensure higher quality and reach higher standards of such services;
• to comply with applicable laws, regulations, or regulatory requirements to which the Company is subject, including anti-money laundering laws and KYC checks;
• to make our Site more intuitive and easier to use;
• to protect the security and effective functioning of our Sites and information technology systems;
• for any other purpose related or ancillary to any of the purposes listed hereabove, or for any purpose for which Personal Data was provided to the Company.
Principles of Personal Data protection
• Processing must be made in a fair, transparent, and lawful manner.
• Personal Data may be collected for the purposes stated in this Privacy Policy and may not be processed in a manner incompatible with such purposes. Personal Data may be processed if the purpose of processing is similar or close to the purpose for which such data is collected.
• Personal Data shall be sufficient for and limited to the purpose for which the processing is made.
• Personal Data must be accurate and correct and must be updated whenever necessary.
• Personal Data must be kept securely and protected from any breach in accordance with other principles set by this Privacy Policy.
• Types of Personal Data
The Company processes or ensures of processing of the following types of Personal Data:
• Individual and contact details: name, title, organization, mailing address, email address, telephone number, nationality, gender, date and place of birth, job title, job responsibilities and employment history, marital status and family details, hobbies and interests etc.
• Identification details: government identifiers, passport number, identification card number, national insurance number, tax identification number, driving license number, beneficial ownership data, due diligence data, etc.
• Client service data: Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback.
• Financial information: bank account details, income or other financial information.
• Anti-money laundering, and anti-fraud databases, or sanctions lists data.
• Case details: information needed for the purposes of, or in connection with, the provision of professional services by the Company.
• Other identifiers: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites (Usage Data), etc.
• Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Site and store certain information.
Cookies on our Sites are generally divided into the following categories:
• Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
• Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
• Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
• Sources of Personal Data
The sources from which the Company collects Personal Data may include:
• the natural person whose data is being collected;
• third parties connected with the natural person, including an employer or service provider;
• our Clients;
• our service providers and counterparties;
• other third parties;
• anti-money laundering, anti-fraud databases, and sanctions lists;
• other publicly available registers or sources of information.
Where the Company receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.
• Categories of recipients of Personal Data
Personal Data may be accessible to the Company and its employees. The categories of recipients of Personal Data may also include:
• Our service providers and business partners in actual or potential transactions, opponents in actual or potential litigation, arbitration or other legal proceedings and their legal counsel, co-counsel, barristers, specialist professionals and/or experts. We always ensure that any sharing is conducted in accordance with applicable data protection laws and with the appropriate contractual safeguards.
• Banks, financial institutions, accountants, auditors, etc. We may share your personal data for financial transactions, related to our products and services, ensuring accurate financial reporting, compliance with regulatory requirements, and conducting audits for internal and external purposes.
• Legal and regulatory authorities: we may disclose your personal data to law enforcement agencies, government authorities, or regulatory bodies when required by law, or in response to valid legal processes such as subpoenas, court orders, or requests from public authorities. This is done to comply with our legal obligations and protect our rights, privacy, safety, or property, as well as that of our users.
• sub-processors of Personal Data engaged by the Company in order to comply with applicable data protection legislation and laws, and provisions of this Privacy Policy.
The Company’s obligations
• The Company shall take the appropriate technical and organizational measures and procedures to apply the necessary standards to protect and secure Personal Data, in order to maintain its confidentiality and privacy and to ensure that it is not infringed, damaged, altered or tampered with, taking into account the nature, scope and purposes of processing and the potential risks to the confidentiality and privacy of the Personal Data.
• The Company shall ensure that the processing of Personal Data is limited to its intended purpose.
• The Company shall apply appropriate measures, both when defining the means of processing and during the processing itself, in order to comply with the applicable data protection legislation and laws, and provisions of this Privacy Policy.
• In case of appointment of a processor, the Company shall ensure that such processor provides sufficient guaranties to apply technical and organizational measures in a manner that ensures that the processing meets the requirements, rules and principles stipulated in the applicable personal data protection legislation and laws.
• The Company shall not take any action that would disclose the Personal Data or the results of processing, except in cases permitted by law.
• The Company shall comply with other obligations arising from this Privacy Policy or the applicable personal data protection legislation and laws.
• Cross-border Transfers of Personal Data
The Personal Data may be transferred outside the United Arab Emirates in the following cases:
• if there is an adequate level of personal data protection in the country or territory to which the Personal Data is to be transferred;
• if the United Arab Emirates accedes to bilateral or multilateral agreements related to personal data protection with the countries to which the Personal Data is to be transferred;
• if it is permitted by a contract that obliges the parties to implement the provisions, measures, principles, and requirements set out in the applicable data protection legislation and laws of the United Arab Emirates and Dubai Silicon Oasis Authority;
• the express consent of the Data Subject to transfer his/her Personal Data outside the United Arab Emirates;
• if the transfer is necessary to fulfill obligations and establish, exercise, or defend rights before judicial authorities,
• if the transfer is necessary to enter into or execute an agreement between the Company and the Data Subject, or between the Company and a third party to achieve the Data Subject’s interests,
• if the transfer is necessary to perform a procedure relating to international judicial cooperation,
• if the transfer is necessary to protect the public interest.
• Consent to Personal Data processing
The Client who is the Data Subject gives his/her consent to Personal Data processing, by performing any actions listed in chapter 1 paragraph 5 of current Privacy Policy.
The Client who is the Data Subject confirms that his/her consent to Personal Data processing is given in a clear, simple and unambiguous manner.
If the Client provides (disclose) Personal Data of another Data Subject, this Client guarantees that he/she has the prior consent of the Data Subject for such disclosure.
• Retention of data
The Company shall only retain the Personal Data for as long as it is necessary to fulfill the purpose for which it was collected.
The Personal Data will typically be retained by the Company for the duration of the relevant retainer and up to 10 years thereafter unless such information is or may be otherwise required to be retained for a longer period by any applicable laws or regulations, in which case such Personal Data shall be retained for such longer period.
• Your Rights and Choices
You have certain rights regarding your personal information.
• Withdraw Consent: you have the right to withdraw your consent for the collection, processing, and storage of your personal information at any time. If you wish to withdraw your consent, please contact us.
• Access, rectification and restriction: you have the right to access the personal information we hold about you. If you believe that any of the information, we hold is inaccurate or incomplete, you may request its rectification. As well as you can object to the processing of your personal information for specific purposes or request the restriction of processing when you believe your data is inaccurate or unlawfully processed. To exercise these rights, please contact us.
• Complaints: if you have concerns about how we handle your personal information, you have the right to lodge a complaint with the relevant data protection authority. However, we encourage you to reach out to us first at info@mdc-advisors.com to address your concerns.
• Promotional emails: you can opt-out of receiving promotional emails by following the instructions provided in the email.
• Cookies: you can disable cookies through your browser settings.
• Changes
We may update this Privacy Policy to reflect changes in our practices or applicable laws. The "Last Updated" date at the top indicates the latest revision date. Continued use of our Website after such changes constitutes your acceptance of the revised Privacy Policy.
• Contact us
If you have any further questions, concerns, or complains in relation to our use of your Personal Data, please do not hesitate to email us at info@mdc-advisors.com