Privacy, Data Protection & Compliance Policy

Privacy, Data Protection & Compliance Policy

 

At C2Z Advisory, we are committed to protecting your personal information, complying with international data protection regulations, and upholding the highest standards of Anti–Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance.

This Policy explains how we collect, use, and safeguard your information, how we use cookies, and the principles that guide our compliance practices. It applies to all visitors, clients, and partners engaging with our website and services.

By using our website or services, you consent to the practices outlined below.

 

  1. Information We Collect

We may collect personal and corporate information, including:

  • Contact details (name, email, phone, address)
  • Identification documents for compliance (passport, ID, proof of address, company registration and financial documents)
  • Billing and payment information
  • Website usage data (IP address, device, browser type, pages visited)

 

  1. How We Use Your Information

We use your information to:

  • Provide our advisory and corporate services
  • Meet legal and regulatory obligations, including AML/CTF compliance
  • Communicate with you regarding services and inquiries
  • Process payments and manage billing
  • Improve our website and services
  • Send updates or marketing (only with your consent)

 

  1. AML & CTF Commitment

As a regulated Designated Non-Financial Business or Profession (DNFBP), C2Z Advisory strictly complies with UAE AML regulations, FATF standards, EU directives, and international best practices.

We are committed to:

  • Verifying the identity of our clients (Know Your Customer – KYC)
  • Assessing the source of funds and wealth
  • Screening clients and transactions against international sanctions lists
  • Reporting suspicious activities to the competent authorities
  • Maintaining accurate records in line with legal retention requirements

We do not knowingly facilitate tax evasion, money laundering, or terrorist financing activities.

 

  1. Data Protection (GDPR, UK DPA, UAE PDPL, DIFC DP Law)

We process personal data in accordance with applicable laws, to the best of our knowledge, including:

  • General Data Protection Regulation (GDPR – EU)
  • UK Data Protection Act
  • UAE Federal Data Protection Law (PDPL – Law No. 45 of 2021)
  • DIFC and ADGM data protection regulations (where applicable)

Your rights may include:

  • Access to your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Data portability
  • Withdrawal of consent (where applicable)
  • Lodge a complaint with your national Supervisory Authority (EU/UK) or the UAE Data Office

To exercise your rights, please contact us at contact@c2zadvisory.com.

 

  1. Data Retention

We retain personal data only as long as required:

  • For the duration of client relationships
  • For regulatory and AML/CTF compliance (usually 6 years, depending on jurisdiction)
  • As necessary for legitimate business purposes

Data is securely deleted or anonymised once retention periods expire.

 

  1. Security of Information

We apply strict technical and organisational safeguards to protect your data, including:

  • Encrypted communications and secure servers
  • Access restricted to authorised staff only
  • Regular training and compliance monitoring
  • Privacy by Design and Default: our systems and services are built to ensure the highest level of data protection from the outset

 

  1. Cookies and Tracking Technologies

Our website uses cookies to:

  • Improve user experience and functionality
  • Analyse website performance and traffic
  • Provide relevant content and services

Cookie consent:

  • Non-essential cookies (e.g., analytics, marketing) are only placed with your prior consent
  • You can manage or withdraw consent at any time via our cookie banner or browser settings
  • We do not use pre-ticked boxes, forced consent, or dark patterns

Disabling cookies may affect certain website features.

 

  1. International Data Transfers

As we operate in multiple jurisdictions, your data may be transferred internationally. Safeguards include:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with partners
  • Compliance with adequacy decisions by regulators

 

  1. Data Breach Notification

In line with GDPR and UAE PDPL requirements:

  • We will notify the competent Supervisory Authority or UAE Data Office of a personal data breach within 72 hours, where required
  • Where the breach poses a high risk to individuals’ rights, we will also inform affected individuals without undue delay

 

  1. Data Protection Officer (DPO)

Where required by law, we have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection obligations.

 

  1. Children’s Privacy

Our services are directed at businesses and professionals. We do not knowingly collect information from individuals under 18 years of age.

 

  1. Regulatory Updates

We will update this Policy in line with legal and regulatory changes, including the forthcoming UAE Executive Regulations under the PDPL and new EU laws such as the Data Act (effective 2025).

 

  1. Updates to This Policy

We may revise this Policy periodically to reflect legal, regulatory, or business changes. Updates will be posted on this page with a revised “Last Updated” date.

 

  1. Contact Us

If you have any questions about this Policy, data protection, or compliance practices, please contact:

C2Z Advisory
Email: contact@c2zadvisory.com
Phone:+971 5 2605 2053

 

Compare listings

Compare