Data Protection & Compliance Policy
This Data Protection & Compliance Policy explains how we store, secure, handle, and process personal, corporate, and regulatory documents in accordance with UAE Personal Data Protection Law (PDPL), GDPR-aligned international data practices, and the requirements of UAE authorities (DED, Free Zones, ICP, MOHRE, Immigration, and banking institutions).
By using our services or submitting documentation, you acknowledge and accept the practices described in this policy.
- 1. Purpose of This Policy
- 2. What Data We Process
- 3. Legal Compliance & Government Authority Requirements
- 4. Security & Storage Safeguards
- 5. International Data Transfer Safeguards
- 6. Data Retention Policy
- 7. Confidentiality & Staff Access Control
- 8. Your Rights
- 9. Data Breach Procedures
- 10. Updates to This Policy
- 11. Contact Us
1. Purpose of This Policy
- Ensure confidential handling of all client information
- Meet mandatory regulatory documentation requirements
- Securely manage identity verification materials and corporate records
- Communicate your data rights transparently
2. What Data We Process
We handle data required for business setup and compliance in the UAE, including (as applicable):
- Passport copies and Emirates ID copies
- Visa and immigration records
- Proof of address
- Shareholder and director details
- Corporate documents (MOA, License, establishment card, etc.)
- Contact and communication information
- Payment-related details for invoicing and reconciliation
All data collected is necessary for service delivery and UAE legal compliance.
3. Legal Compliance & Government Authority Requirements
We process personal data under UAE licensing and immigration frameworks, including DED and Free Zones, ICP, MOHRE, and banking KYC/AML requirements.
Certain information is mandatory and required by law. Failure to provide required documents may result in service delays or termination.
4. Security & Storage Safeguards
- Encrypted digital storage and secure document transfer
- Strict least-privilege access for authorized personnel only
- Internal cybersecurity and confidentiality policies
- Periodic reviews, audits, and compliance checks
We do not store more data than necessary and never sell client documentation.
5. International Data Transfer Safeguards
Some data may be processed via secure cloud technologies or outside the UAE. Where international transfers occur, we enforce confidentiality, encryption, and provider compliance aligned with UAE PDPL and accepted international standards.
6. Data Retention Policy
We retain documents only for as long as required for:
- Government-mandated record retention and audits
- Legal, regulatory, or dispute-resolution purposes
- Proof of service delivery and transactional history
Expired data is securely deleted or anonymized.
7. Confidentiality & Staff Access Control
Access is limited to authorized case handlers, compliance/legal personnel, licensed PRO teams, and government officials where lawfully required. All staff sign NDAs and receive periodic compliance training.
8. Your Rights
You may request, where applicable and legally permissible:
- A copy of your submitted documents
- Correction of inaccurate information
- Deletion subject to regulatory retention rules
- Restriction of processing in specific cases
You can submit requests via: info@aspiradubai.com
9. Data Breach Procedures
- Immediate incident triage and risk evaluation
- Notification to affected users where required
- Cooperation with UAE data protection authorities as applicable
10. Updates to This Policy
We may update this policy to reflect changes in regulatory frameworks or internal practices. A new Last Updated date will indicate modifications.
11. Contact Us
For data protection requests or questions:
Email: info@aspiradubai.com
Phone/WhatsApp: +971 56 406 6546
Address: Oud Metha, Dubai — Aspira Business Setup Services LLC