top of page

Privacy Policy

1. Who We Are

This Privacy Policy explains how we, Cortex GRC FZ-LLC, trading as GulfArabia Partners (“GulfArabia”, “we”, “us”, or “our”), collect, use, share, and protect personal data when you visit our website www.gulfarabia.ae (the “Website”) or otherwise interact with us.

Controller:
Cortex GRC FZ-LLC (trading as GulfArabia Partners)
Headquarters: Al Burrow St, Dubai Media City,
Building 5, Al Sufouh 2, Dubai, UAE
Email: info@gulfarabia.ae
gulfarabia.ae

We act as “Controller” for personal data we collect via this Website and in the course of our advisory services.

We are subject in particular to the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “UAE PDPL”), and, where applicable, other data protection laws such as the EU/UK GDPR. 

2. What Data We Collect

We may collect and process the following categories of personal data:

 

2.1. Data you provide directly

When you use our Website forms, book a consultation or otherwise contact us, you may provide:

·       Identification details: first name, last name

·       Contact details: email address, phone number

·       Professional information: company name, role, jurisdiction(s) of interest

·       Service-related details: selected service (e.g., business setup, M&A, crypto licensing, Golden Visa, real estate), nature of your enquiry

·       Any other information you choose to include in free text fields (e.g., background to your matter or project)

If you engage us as a client (separate from simply using the Website), we may also collect additional data necessary to onboard and provide services, such as:

·       Passport or ID details, residency/visa status

·       KYC/AML documentation

·       Corporate documents, shareholder information

·       Financial or transactional information relevant to the assignment (e.g., deal value, structure)

Those additional data and processing activities are governed primarily by our engagement letter or service agreementwith you, but this Policy still applies to Website-related processing.

 

2.2.      Data we collect automatically

When you visit the Website, we (and our service providers) may automatically collect certain technical and usage data, including:

·       Device and browser information (e.g., IP address, browser type, operating system, screen resolution)

·       Usage information (e.g., pages viewed, time spent, navigation paths, referring pages, clickstream)

·       Approximate location (e.g., country or city) based on your IP address

This information is typically collected through cookies and similar tracking technologies (see Section 7).

 

2.3.      Data from third parties

We may receive personal data about you from third parties, for example:

·       Professional referrals, partners and intermediaries

·       Publicly available sources (e.g., LinkedIn, corporate registries, sanctions lists)

·       Analytics and marketing platforms

We will only use such data in accordance with this Privacy Policy and applicable law.

3.Why We Process Your Data (Purposes & Legal Bases)

We process personal data for the following purposes and, where applicable, on the following legal bases under PDPL and GDPR-style frameworks:  

1.     Responding to enquiries and providing information

o   To respond to contact requests, consultation bookings, or questions submitted via our forms or email.

o   Legal basis: Performance of a contract or steps prior to entering into a contract; legitimate interest in responding to prospective clients.

2.     Client onboarding and service delivery

o   To perform conflict checks, KYC/AML due diligence, and general client onboarding.

o   To provide advisory services in areas such as business setup, M&A, management consulting, crypto licensing, Golden Visa, and real estate.

o   Legal basis: Performance of a contract; compliance with legal obligations (e.g., AML/CTF, sanctions laws).

3.     Operations, administration and record-keeping

o   To manage our relationship with clients and prospective clients.

o   To maintain internal records (e.g., engagement history, billing records).

o   Legal basis: Performance of a contract; legitimate interests in running and protecting our business.

4.     Marketing and business development

o   To send you updates, invitations, or information about our services that may be relevant to you (where permitted by law and subject to your preferences).

o   Legal basis: Consent (where required) and/or legitimate interests in promoting our services to business contacts.

5.     Website security, analytics and improvement

o   To monitor and protect the Website from misuse, security incidents or cyber threats.

o   To understand how visitors use the Website and to improve functionality, content and user experience.

o   Legal basis: Legitimate interests in securing and improving our digital services; compliance with legal obligations in relation to security and logging.

6.     Compliance and legal claims

o   To comply with applicable laws and regulatory requirements (e.g., PDPL, AML/CTF, tax).

o   To prevent fraud or misuse and to establish, exercise or defend legal claims.

o   Legal basis: Compliance with legal obligations; legitimate interests in protecting our rights and the rights of others.

4. How We Use Third-Party Services (Including Wix)

Our Website is hosted and operated using Wix.com Ltd. and related Wix services. Wix processes personal data about our site visitors on our behalf and in accordance with Wix’s own privacy and security documentation, including its Data Processing Agreement and Privacy Policy.  

This may include:

·       Hosting our Website and databases

·       Providing site analytics and performance metrics

·       Security monitoring and logging

·       Contact form management and email notifications

In addition, we may use other third-party tools and services, such as:

·       Analytics tools (e.g., Wix Analytics and/or Google Analytics) to understand how visitors use our Website

·       Communication tools (e.g., email service providers or online meeting tools)

·       Professional service providers (e.g., IT and security consultants, legal or accounting firms, cloud storage providers)

We require such providers to process personal data only in accordance with our instructions and applicable data protection laws.

5. International Data Transfers

Wix and some of our other service providers may store or process personal data in multiple jurisdictions, for example the United Arab Emirates, the European Economic Area, the United States, Israel, South Korea, Taiwan, or other locations as necessary.  

Where personal data is transferred outside the UAE, EU/EEA, UK, or other jurisdictions with specific data transfer rules, we will take appropriate safeguards as required by law – such as:

·       Ensuring the recipient country provides an adequate level of protection; and/or

·       Implementing contractual protections (e.g., data transfer agreements or standard contractual clauses) where necessary.

6. How Long We Keep Your Data

We keep personal data only as long as necessary for the purposes for which it was collected, including:

·       For enquiries and consultations: generally as long as needed to respond to your request and for a reasonable period afterwards (e.g., for follow-up, record-keeping, or potential future engagement).

·       For client engagements: for the duration of the engagement and for a subsequent retention period as required by law or professional rules (which may be several years, depending on the nature of the matter).

·       For marketing: until you unsubscribe or object, or until the data is no longer relevant.

·       For security and logs: for the period necessary to investigate issues and ensure Website integrity.

We may retain data for longer if required to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies (such as pixels or tags), which are small data files stored on your device to:

·       Enable core Website functionality (e.g., security, log-in where applicable)

·       Remember your preferences (e.g., language, cookie settings)

·       Perform analytics and improve performance (e.g., page views, time on page)

·       Support marketing or social media features (e.g., LinkedIn buttons)

Some cookies are strictly necessary for the Website to function and cannot be switched off. Others, such as analytics or marketing cookies, may be used only with your consent, depending on applicable law.

You can:

·       Manage your cookie preferences via your browser settings, and

·       Where provided, via the cookie banner or cookie settings on the Website.

If you block or delete certain cookies, some features of the Website may not function properly.

8. How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction, including:

·       Secure hosting through Wix with HTTPS/SSL encryption

·       Access controls and role-based permissions

·       Password protection and secure authentication

·       Regular updates and monitoring of our systems

·       Data minimisation and restricted access on a need-to-know basis 

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your location and the applicable law (e.g., UAE PDPL, EU/UK GDPR), you may have some or all of the following rights in relation to your personal data:  

1.     Right of access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy.

2.     Right to rectification – to request correction of inaccurate or incomplete personal data.

3.     Right to erasure – to request deletion of your personal data in certain circumstances.

4.     Right to restriction of processing – to request that we suspend processing of your personal data in certain situations.

5.     Right to data portability – to receive personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.

6.     Right to object – to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests (including profiling), and to object to processing for direct marketing.

7.     Right to withdraw consent – where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

8.     Right not to be subject to automated decision-making – to not be subject to a decision based solely on automated processing, including profiling, that has legal or similarly significant effects on you, in circumstances where such protections apply.

To exercise any of these rights, please contact us using the details in Section 13.

We may need to verify your identity before responding to your request and may be entitled to refuse or limit your request where permitted by applicable law (e.g., for legal privilege, overriding legitimate interests, or regulatory obligations).

10. Children's Data

Our Website and services are intended for business professionals and adult individuals. We do not knowingly collect personal data from children under the age of 18 (or the age of majority in your jurisdiction). If you believe that a child has provided us with personal data, please contact us so that we can delete it.

11. Third-Party Links and Social Media

The Website may contain links to third-party websites, platforms or services (for example: LinkedIn, banks, regulators, real estate platforms). When you click on such links, you will be redirected to third-party environments that are not controlled by us.

We are not responsible for how those third parties collect, use, and share personal data. We encourage you to read the privacy policies of any third-party sites or services you visit.

12. Marketing Communications

We may, where permitted by law and subject to your preferences:

·       Send you email updates, newsletters or invitations about our services or events;

·       Follow up with you after you submit an enquiry or book a consultation.

You can opt out of marketing communications at any time by:

·       Clicking the “unsubscribe” or similar link in the email, or

·       Contacting us directly using the details in Section 13.

Please note that even if you opt out of marketing, we may still send you service or administrative communications, such as information about an ongoing engagement with us.

13. Contacting Us and Complaints

If you have any questions about this Privacy Policy, our data practices, or if you would like to exercise your rights, please contact us at:

GulfArabia Partners
Cortex GRC FZ-LLC
Al Burrow St, Dubai Media City
Building 5, Al Sufouh 2, Dubai, UAE
Email: info@gulfarabia.ae
www.gulfarabia.ae

Talk to Our Team

Get in touch to book a consultation

Choose Service
bottom of page