Legal

Privacy Policy

How Private Advisory Abu Dhabi collects, uses and protects personal data under UAE law.

Draft for PAAD review — not legal advice. Final wording to be approved before launch.

1. Introduction

Private Advisory Abu Dhabi ("PAAD", "we", "us") operates paad.co and related advisory services. This policy explains how we process personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL") and applicable regulations.

2. Data we collect

We may collect:

  • Identity and contact details (name, email address, telephone number, company name)
  • Correspondence and enquiry content submitted via our contact form
  • Newsletter or insights subscription email addresses
  • Technical data (IP address, browser type, pages visited) via hosting and security tools
  • Turnstile verification tokens when you submit forms (processed by Cloudflare)

3. How we use your data

We use personal data to:

  • Respond to enquiries and provide advisory services you request
  • Send operational communications related to your engagement
  • Publish insights you subscribe to, where applicable
  • Maintain security, prevent abuse, and improve our website
  • Comply with legal and regulatory obligations in the UAE

4. Lawful basis

Processing is based on your consent (e.g. form submission, marketing opt-in), performance of a contract or pre-contractual steps, our legitimate interests in operating a professional advisory practice, and compliance with legal obligations under the UAE PDPL.

5. Third-party processors

We use trusted processors who may process data outside the UAE subject to appropriate safeguards:

  • Cloudflare — website hosting, CDN, security (Turnstile bot protection), and Workers infrastructure
  • Resend — transactional email delivery for contact notifications
  • Clerk — authentication for internal admin tools (not public website visitors unless otherwise stated)

We do not sell personal data.

6. Retention

  • Contact and lead records: up to 24 months after last interaction, unless a longer period is required for engagement or law
  • Subscriber emails: until you unsubscribe or request deletion
  • Server and security logs: typically 30–90 days

7. Your rights

Under the UAE PDPL you may have the right to access, rectify, erase, restrict processing, object, and withdraw consent. You may also lodge a complaint with the UAE data protection authority.

To exercise rights, contact: contact@paad.co. We will respond within timelines required by applicable law.

8. International transfers

Where data is transferred internationally via our processors, we rely on appropriate contractual and organisational measures consistent with UAE requirements.

9. Security

We apply technical and organisational measures including encryption in transit, access controls, rate limiting, and staff confidentiality obligations. No method of transmission over the internet is fully secure.

10. Changes

We may update this policy. The current version is published at https://paad.co/privacy with an updated effective date when revised.

Effective date (draft): 22 May 2026