ExpertMENA

Menu
English Arabic

Privacy Policy

Expert MENA Privacy Policy

Updated December 2023

1. Privacy Policy Overview

Expert MENA Consulting Sole Proprietorship – L.L.C. (hereinafter referred to as “Expert MENA”, “we”, “us”, or “our”) is the issuer of this Privacy Policy. It applies to individuals outside our organization with whom we engage, including, but not limited to, clients, visitors to our digital platforms, and other service users through our Sites (collectively referred to as “you”, or “your”). The definitions of terms utilized in this Privacy Policy are elucidated in Section (20).

This Privacy Policy delineates our practices regarding the processing of your personal data in accordance with the United Arab Emirates’s Federal Decree-Law No. (45) of 2021 on Personal Data Protection Laws. In the context of this Privacy Policy, Expert MENA is designated as the Data Controller. For inquiries or further information, please refer to our contact details in Section (19).

This Privacy Policy may undergo revisions or updates periodically to mirror modifications in our personal data processing practices or alterations in relevant legal regulations. We strongly encourage a thorough review of this Privacy Policy and regular visits to this section to stay informed of any changes made in accordance with the provisions of this Privacy Policy.

2. Acquisition of Personal Data

We may request or require you to provide personal information to access services or engage in certain activities on our Sites and digital platforms. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

We engage in the collection or procurement of your Personal Data through various methods:

  • Direct Collection: Your Personal Data may be gathered directly from you. This could occur in instances where you initiate contact with us, whether via email, telephone, or through other direct interactions.
  • Relationship Data: During the course of our relationship with you, whether as a client, a service recipient, or through other professional interactions, we may collect or obtain Personal Data.
  • Network Member Information: If you apply to become a Network Member with our organization, we may collect or obtain relevant Personal Data.
  • Publicly Available Data: We may collect or obtain Personal Data that you have chosen to make public. This includes information shared on social media platforms or business networking sites.
  • Site Interaction Data: When you visit our websites or engage with any features or resources available on these sites, we may collect or obtain Personal Data.
  • Registration Data: We collect or obtain Personal Data when you register to use any of our sites or services.
  • Data from Third Parties: We may receive your Personal Data from third-party sources, such as credit reference agencies, law enforcement authorities, and other relevant entities.

This collection of Personal Data is a vital part of our ability to provide efficient and tailored services. We assure you that all data collection is conducted with the utmost respect for your privacy and in compliance with applicable data protection laws.

3. Generation of Personal Data

In the course of our interactions, we may generate Personal Data associated with you. This encompasses but is not limited to, detailed records of your engagements and communications with our organization.

Furthermore, we undertake the creation of Personal Data in various contexts, such as:

  • Documenting interactions with us, whether through direct communication, service provision, or other professional exchanges.
  • Generating records pertaining to your dealings with our clients or our Network Members.

This process of generating Personal Data is integral to maintaining comprehensive records of our interactions and services, ensuring we can provide continued excellence in our offerings and support. Rest assured, all data generation is conducted in strict adherence to relevant data protection and privacy laws, safeguarding your information throughout our engagement.

4. Types of Personal Data Processed

Our processing activities may encompass a diverse array of your personal data categories. These include:

Our processing activities may encompass a diverse array of your personal data categories. These include:

  • Personal Details: This encompasses your given name(s), preferred name, and photograph (if provided).
  • Demographic Information: Data such as your date of birth, salutation, title, and language preferences.
  • Network Member Data: For Network Members, this extends to include wireless device addresses (including text message addresses), payment information, professional biography, and other relevant profiling data that reflects your experience and expertise.
  • Contact Information: Your address, telephone number, email address, and details of your public business networking profile(s) or online biographies.
  • Consent Records: Documentation of any consent you have given, including the date, time, method of consent, and any related information (e.g., subject matter of the consent).
  • Payment Information: This category includes invoice records, payment records, billing addresses, payment methods, bank account numbers, card or account security details, SWIFT details, IBAN details, payment amounts, and payment dates.
  • Site Usage Data: Information related to your use of our Sites, such as device type, operating system, browser type and settings, IP address, language settings, access dates and times, user credentials, security login details, usage data, aggregate statistical information, ISP details, referral and exit pages, and clickstream data.
  • Employer Details: When you interact with us in your professional capacity, relevant information about your employer, including name, address, telephone number, and email address.
  • Opinions and Views: We may process any views and opinions that you elect to send to us or publicly post on social media platforms about our organization.

This comprehensive approach to processing personal data allows us to tailor our services and interactions more effectively. We are committed to handling this data with the utmost care and in compliance with applicable privacy and data protection laws.

5. Legal Foundations for Processing Personal Data

In our processing of your Personal Data, we adhere to certain legal bases, ensuring that each activity is compliant and justified. The specific legal basis employed depends on the nature of the processing and is outlined as follows:

  • Consent: We engage in the processing of your Personal Data when we have received your explicit, prior consent. This legal basis is applied exclusively to processes that are entirely voluntary and is not utilized for mandatory or necessary processing activities.
  • Contractual Necessity: Your Personal Data may be processed if it is necessary for fulfilling a contract to which you are a party. This includes scenarios where you are a member of the Expert MENA Network, have applied for Network Membership, or are a client of Expert MENA.
  • Compliance with Legal Obligations: We may process your Personal Data when it is required by applicable laws, including but not limited to fulfilling our obligations related to health and safety standards for employees.
  • Vital Interests: There are circumstances where the processing of Personal Data is vital for the protection of the essential interests of any individual.
  • Legitimate Interests: We process your Personal Data when we have a legitimate interest in the processing. To ensure the appropriateness of this basis, we conduct a balancing test considering the following:
    • Lawfulness and Proportionality: The processing is lawful, proportionate, and aligns with the terms of this Privacy Policy.
    • Legitimate Business Need: We confirm that there is a legitimate business necessity for the processing.
    • No Adverse Impact: We ascertain that the processing is unlikely to have a significant negative impact on your interests, fundamental rights, or freedoms.

In each instance of processing, our commitment is to uphold the highest standards of data protection and privacy, ensuring that your Personal Data is handled responsibly and in accordance with all relevant legislation.

6. Handling of Sensitive Personal Data

Our approach to managing Sensitive Personal Data is characterized by caution and compliance with relevant laws. We do not actively seek to collect or process such data as part of our standard business operations. Nonetheless, should the need arise to process your Sensitive Personal Data for legitimate purposes, we adhere strictly to applicable legal standards.

In instances where processing of Sensitive Personal Data becomes necessary, we rely on one of the following legal justifications:

  • Compliance with Legal Requirements: We may process your Sensitive Personal Data when such processing is mandated or authorized by applicable laws. This may include situations where we need to fulfill our diversity reporting responsibilities or health and safety obligations to employees
  • Crime Detection and Prevention: There are circumstances where we might process your Sensitive Personal Data for the purpose of detecting or preventing criminal activities, including fraud prevention.
  • Legal Claims: Processing of your Sensitive Personal Data may be necessary for establishing, exercising, or defending legal rights.
  • Consent: In certain cases, we may process your Sensitive Personal Data with your explicit consent, in accordance with the law. This basis is reserved for processing activities that are entirely voluntary and are not employed for necessary or obligatory processing.

It is imperative that if you choose to disclose Sensitive Personal Data to us, such disclosure is lawful, including the availability of a legal basis for our processing of that data, as outlined above. Our commitment is to ensure that all handling of Sensitive Personal Data is conducted with the utmost respect for privacy and in full compliance with applicable data protection regulations.

7. Objectives for Processing Personal Data

Our processing of your Personal Data, in strict adherence to applicable laws, is driven by multiple objectives including but not limited to:-,

  • Service Provision: This includes delivering our sites or services, responding to service requests, and maintaining communication with you regarding these services.
  • Site Management: Operating and managing our sites, presenting content, showcasing advertising, interacting with you via our sites, and informing you of any changes to our sites or services.
  • Network Member Engagement: Communicating about Network Membership (actual or prospective), offering participation opportunities in the Expert MENA Network, and updating you on Expert MENA’s developments. In alignment with our Terms and Conditions, we may use your information for service provision and promoting Expert MENA, including in Marketing Materials. You retain the option to opt out of this promotional use.
  • Communication Practices: We engage in various forms of communication, including email, phone, social media, etc., to share information potentially of interest to you, such as Expert MENA events or new offerings, ensuring compliance with legal standards and obtaining necessary consent.
  • Communications and IT Operations: Managing communication systems, IT security operations, and conducting IT audits
  •  Financial Administration: Involves sales, finance, corporate audit, and vendor management activities.
  • Survey Participation: Soliciting your feedback on our services.
  • Security Measures: Ensuring the physical security of our premises, including visitor logs and CCTV recordings, as well as electronic security measures like login records and access details.
  • Investigative Procedures: Detecting, investigating, and preventing policy breaches, fraud, or legal violations in compliance with the law.
  • Legal Claims: The establishment, exercise, and defense of legal rights.
  • Regulatory Compliance: Fulfilling our legal and regulatory obligations, including health and safety responsibilities to employees.
  • Site and Service Improvement: Identifying and resolving issues with our sites or services, planning enhancements, and developing new sites or services.
  • Recruitment Processes: Conducting recruitment activities, position advertising, interview procedures, suitability analysis, record-keeping of hiring decisions, and managing offer and acceptance details.

These objectives for processing your Personal Data are integral to our operation and service delivery and are pursued with a commitment to legal compliance and the highest standards of data protection.

8. Disclosure of Personal Data to External Entities

Our disclosure of your Personal Data is conducted with a high degree of professionalism and adherence to legal standards. We may share your Personal Data with various entities and for diverse reasons, as detailed below:

  • Within Expert MENA Group: For legitimate business purposes, which include operating our sites and providing services to you, in line with applicable law.
  • External Parties:
    • Your representatives, as appropriate
    • Legal and regulatory authorities for compliance purposes or to report breaches.
    • Professional advisors like accountants, auditors, and lawyers, under strict confidentiality agreements.
    • Third-party processors globally, such as payment services, survey partners, marketing firms, and cloud providers, as specified in this Section (8).
    • Relevant parties in legal matters for the establishment, exercise, or defense of legal rights.
    • Entities involved in crime prevention, investigation, or prosecution.
    • Third parties when necessary to prevent harm, injury, or loss.
    • Potential acquirers in the event of a sale, transfer, reorganization, dissolution, or liquidation of our business.
    • Third-party providers for plugins, advertising, or content on our Sites. Interaction with these elements may result in data sharing, and we advise reviewing their privacy policies.
  • Third-Party Processors: When employing third-party processors, they are contractually obligated to process Personal Data only based on our instructions and to maintain confidentiality and security, alongside adhering to any additional legal requirements.

For Network Members:

  • Your information may be disclosed to clients, with confidentiality constraints
  • Disclosures to third parties, like past employers or clients, may occur to confirm consent for your participation in the Expert MENA Network or specific projects.
  • Partners in surveys, compliance checks, and screenings may receive relevant data.
  • Clients may disclose project-related information, such as your involvement and compensation, as required by law or their policies.

Our approach to data disclosure prioritizes your privacy and complies with all applicable laws, ensuring your Personal Data is handled with the utmost care and responsibility.

9. International Data Transfer Protocols

In the context of our global operations, the transfer of your Personal Data across international borders is a necessity. This section outlines the protocols we adhere to in such transfers, ensuring compliance with data protection laws:

  • Data Transfer within Expert MENA and to Third Parties: As noted in Section (8), due to the international scope of our business, we may transfer your Personal Data among various entities within the Expert MENA group and to external third parties. These transfers are essential for the purposes outlined in this Privacy Policy and may involve countries with different data protection laws than those in your location.
  • Transfers from the GCC and UMA: Specifically, when transferring Personal Data from regions like The Gulf Cooperation Council (GCC) and The Arab Maghreb Union (UMA) to countries outside these areas that do not reside in jurisdictions deemed adequate in data protection, we rely on Standard Contractual Clauses. These clauses are a robust legal mechanism ensuring Expert MENA Privacy Policy Page 6 of 11 that your Personal Data remains protected according to the standards delineated in this Privacy Policy.
  • Standard Contractual Clauses: To obtain a copy of these clauses, you are encouraged to use the contact details provided in Section (19).
  • Data Processing in the United Arab Emirates: For individuals outside the MENA Region, it is important to recognize that Personal Data provided to us is processed in the United Arab Emirates and is safeguarded under this privacy policy and UAE laws. While UAE data protection laws may differ from those in your country, we ensure a consistent level of protection for your data.
  • Transfers Directly to Expert MENA Entities Outside GCC/UMA: In cases where you transfer Personal Data directly to an Expert MENA entity/partner located outside the GCC/UMA regions, the responsibility for that initial transfer lies with you. However, from the point of receipt, we process your Personal Data in accordance with our Privacy Policy.

This approach to international data transfer is a testament to our commitment to maintaining the integrity and security of your Personal Data, irrespective of geographical boundaries, and in compliance with applicable data protection regulations.

10. Data Security Protocols

In recognition of the critical importance of data security, we have instituted robust technical and organizational measures tailored to safeguard your Personal Data. These measures are meticulously designed to defend against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and other illicit or unauthorized processing activities, as mandated by applicable laws.

However, it is imperative to acknowledge the inherent vulnerabilities of the internet as a transmission medium. Despite our stringent security protocols, the complete security of data transmitted over the internet cannot be unequivocally guaranteed. Consequently, while we are committed to employing all reasonable efforts to protect your Personal Data, the security of data transmitted to us via the Internet cannot be absolutely assured. Therefore, any such transmission is undertaken at your own discretion and risk.

We emphasize the importance of transmitting Personal Data to us in a secure manner. You bear the responsibility for ensuring that any Personal Data you decide to send are conveyed through secure channels, thereby minimizing the risk of unauthorized access or compromise during transmission. This approach to data security underlines our commitment to protecting your Personal Data, while also recognizing and addressing the limitations and risks associated with online data transmission.

11. Data Accuracy Assurance

In adherence to the principle of data minimization, we diligently undertake every reasonable measure to confine the processing of your Personal Data to only what is strictly necessary. This commitment entails:

  • Accuracy and Currency: The Personal Data we process is accurate and, as needed, updated to reflect current information.
  • Correction of Inaccuracies: In instances where any of your Personal Data are found to be inaccurate, considering the purposes for which they are processed, we commit to prompt erasure or rectification of such inaccuracies.

In our ongoing efforts to maintain data accuracy, we may periodically reach out to you to verify the correctness of your Personal Data. This proactive approach is crucial to ensure that our records are not only accurate but also serve their intended purpose effectively and efficiently.

This commitment to data accuracy is an integral part of our responsibility towards responsible data management, aligning with best practices and regulatory standards. It reflects our dedication to ensuring that your Personal Data is handled with the highest levels of care and precision.

12. Data Minimization Commitment

Upholding the accuracy of your Personal Data is a cornerstone of our data management practices. We are dedicated to implementing every reasonable measure to ensure that:

  • Purpose-Specific Limitation: Ensuring that the Personal Data we process is strictly limited to what is reasonably required in relation to the specific purposes outlined in this Privacy Policy.

By conscientiously applying this principle, we aim to balance the need for data to effectively provide our services with the imperative of upholding the privacy and rights of individuals. This approach underscores our commitment to responsible data stewardship, aligning our practices with both ethical standards and regulatory requirements.

13. Data Retention Protocol

Our approach to data retention is governed by stringent standards, ensuring that your Personal Data is held only as long as necessary for lawful purposes. We implement every reasonable measure to align the retention of your Personal Data with the specific purposes outlined in this Privacy Policy. The criteria guiding our data retention policy include:

  • Ongoing Relationship Duration: 
    • We retain your Personal Data for as long as our relationship persists, such as when
      you are an active user of our services, a Network Member (or applicant), or part of our
      mailing list and haven’t unsubscribed.
    • In cases where you cease being a Network Member, we retain your data for six (6) years from your most recent interaction with any Expert MENA client.
    • Personal Data needed in connection with lawful purposes detailed in this Privacy Policy, for which we possess a valid legal basis (e.g., legitimate interest in business operations or contractual obligations), are retained accordingly.
  • Legal Compliance and Claim Consideration Period:
    • Retention aligns with any applicable legal limitation period (the time frame within which
      legal claims against us can be initiated in relation to your Personal Data).
    • An additional two (2) months following the end of the legal limitation period, providing a reasonable timeframe to identify Personal Data relevant to potential legal claims.
  • Extended Retention in Case of Legal Claims:
    • Extended Retention in Case of Legal Claims:

During the periods in points ii(a) and ii(b), our processing activities will primarily involve secure storage of your Personal Data, except when necessary for reviewing in relation to legal claims or complying with legal obligations.

Upon the conclusion of the periods specified in points (i), (ii), and (iii), as applicable, we will either:

  • Permanently delete or destroy the relevant Personal Data.
  • Anonymize the relevant Personal Data.

This comprehensive data retention framework is designed to ensure that your Personal Data is managed responsibly, securely, and in compliance with applicable legal and regulatory requirements.

14. Your Legal Rights Regarding Personal Data

In accordance with applicable laws, you are entitled to various rights concerning the processing of your Personal Data. These rights are detailed as follows:

  • Right to Withhold Personal Data: You have the option not to provide your Personal Data to us. However, it is important to note that this may limit your ability to fully utilize our Sites or services (e.g., we might be unable to process your orders without the necessary details).
  • Right of Access: You may request access to, or copies of, your Personal Data, along with detailed information about its processing and disclosure.
  • Right to Rectification: If there are inaccuracies in your Personal Data, you have the right to request their correction.
  • Right to Erasure or Restriction: You may request the erasure of your Personal Data or the restriction of its processing, based on legitimate grounds.
  • Right to Object: On legitimate grounds, you may object to the processing of your Personal Data by us or on our behalf.
  • Right to Data Portability: You have the right to have certain Personal Data transferred to another Controller in a structured, commonly used, and machine-readable format, where applicable.
  • Right to Withdraw Consent: If we process your Personal Data based on your consent, you have the right to withdraw this consent. This withdrawal does not affect the lawfulness of processing before the withdrawal nor the processing of Personal Data based on other legal bases.
  • Right to Lodge Complaints: You have the right to lodge complaints regarding the processing of your personal data with the relevant Data Protection Authority. This right applies particularly in the country in the MENA region where you reside, work, or where the alleged infringement of your data rights occurred, if such an authority exists and is applicable. Due to the diverse nature of data protection laws in the MENA region, it is advisable to seek information about the specific data protection regulations and authorities in the particular country concerned.

It is essential to understand that these rights do not infringe upon your statutory rights. To exercise any of these rights, or for inquiries about these rights, this Privacy Policy, or our processing of your Personal Data, please refer to the contact details provided in Section (19).

Please be aware that:

  • We may require proof of your identity to give effect to these rights.
  • In cases where your request necessitates additional fact-finding (e.g., determining noncompliance with applicable law), we will conduct a reasonable investigation before deciding on the appropriate course of action.

15. Use of Cookies and Similar Technologies

In our digital operations, the processing of your Personal Data may involve the use of cookies and similar tracking technologies. Our approach to this technology is detailed comprehensively in our Cookie Policy.

  • Cookie Deployment: During your interactions with our Site, we may deploy cookies onto your device or access cookies already present. This action is always contingent on obtaining your consent, as required by applicable laws.
  • Purpose and Scope: The use of cookies enables us to gather information about your device, browser, and in certain instances, your preferences and browsing habits. This information is vital for enhancing user experience and tailoring our services to your needs.
  • Data Processing via Cookies: The processing of your Personal Data through cookies and similar technologies is conducted in alignment with the stipulations of our Cookie Policy.
We prioritize transparency and compliance with legal requirements in our use of cookies and similar technologies. For a more detailed understanding of how these technologies affect your data and privacy, we encourage reviewing our Cookie Policy, accessible on our Site.

16. Terms of Use Compliance

The utilization of our Sites and services is stringently governed by our Terms of Use. We emphasize the importance of your adherence to these terms:

  • Mandatory Adherence: Your access to and use of our Sites, as well as our services, are contingent upon your full compliance with our Terms of Use.
  • Ongoing Review: We strongly advise regular consultation of our Terms of Use. This practice is crucial as it ensures your awareness and understanding of any modifications that may occur over time.

We implement these guidelines to maintain a structured and secure environment for all users. Your informed and consistent compliance with our Terms of Use is integral to the smooth operation and mutual benefit of all parties involved in using our Sites and services.

17. Enhanced Direct Marketing Practices

Our direct marketing endeavors involve the processing of your Personal Data to furnish you with information about services that might capture your interest. This process is conducted with careful consideration of your preferences and compliance with applicable laws:

  • Communication Methods: We may reach out to you through various channels such as email, telephone, direct mail, or other communication formats, providing insights into services that may align with your interests.
  • Service-Related Information: If you are a recipient of our services, we may send you details about our services, upcoming promotions, and other pertinent information, utilizing the contact details you have furnished to us. This will always be in strict adherence to applicable legal requirements.
  • Unsubscribing: At any point, you have the complete freedom to opt out of our promotional communications. This can be easily achieved by clicking the unsubscribe link found in every promotional email we dispatch. Post-unsubscription, we will cease sending promotional emails, though we may still contact you as necessary regarding any services you have specifically requested.

Our approach to direct marketing is designed to respect your communication preferences while keeping you informed about offerings that may be beneficial to you. Your control over the receipt of these communications is a priority, ensuring a tailored experience that aligns with your interests and consent.

18. Exert MENA Policy towards Minors

The Site is not intended for the use of Minors. We do not knowingly collect Information from children. If anyone becomes aware that a child has provided us with his or her personal information, you may contact us with details furnished in section (19).

19. Contact Information and Inquiries

For any queries, comments, or concerns regarding this Privacy Policy, or matters related to the processing of Personal Data by us or on our behalf, you are welcome to get in touch with us through multiple communication channels:

Expert MENA Consulting Sole Proprietorship – L.L.C.

P.O. Box 91707

Abu Dhabi, UAE

Email: [email protected] Online Contact Form: https://expertmena.com

We are committed to addressing your concerns and questions with the utmost attention and discretion. Your communication is valuable to us, and we assure you a responsive and thorough handling of your inquiries related to personal data processing or any other aspect covered in this Privacy Policy.

20. Definitions

This section provides detailed definitions of key terms used throughout this document:

  • Cookie: A small file placed on your device upon visiting a website, including our Sites. This term encompasses similar technologies such as web beacons and clear GIFs.
  • Controller: The entity responsible for determining the means and purposes of Personal Data Processing. In many jurisdictions, the Controller bears the primary responsibility for adhering to applicable data protection laws.
  • Network Member: An individual who has agreed to the Expert MENA Terms & Conditions of Network Membership and whose membership is currently active.
  • Data Protection Authority: An independent public body legally charged with overseeing compliance with relevant data protection laws.
  • GCC and UMA: The Gulf Cooperation Council and The Arab Maghreb Union, respectively.
  • Personal Data: Information relating to an identifiable individual, either directly or indirectly, particularly through identifiers like name, identification number, location data, online identifier, or factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Process/Processing/Processed: Operations performed on Personal Data, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
  • Processor: Any person or entity processing Personal Data on behalf of the Controller, excluding the Controller’s own employees.
  • Profiling: Automated processing of Personal Data to evaluate certain personal aspects of a natural person, particularly analyzing or predicting aspects like performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Relevant Personal Data: Personal Data for which we act as the Controller.
  • Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual life, criminal offenses or penalties, national identification number, or other information considered sensitive under applicable law.
  • Standard Contractual Clauses: Template transfer clauses adopted by the European Commission or a Data Protection Authority and approved by the European Commission.
  • Site: Any website operated or maintained by us or on our behalf

© 2024 Expert MENA Consulting Sole Proprietorship – L.L.C. All rights reserved.