Name: Baker Tilly
Price range: $

Privacy Policy

This Privacy Policy (“Policy”) is designed to help you understand how we use your Personal Data, in accordance with the Data Protection Legislation (DPL), Regulations and further guidance thereunder (the “DPL”).

We encourage you to read the whole Policy. Alternatively, if you wish to read about specific privacy practices that interest you, please check the relevant topics below.

PART A – PURPOSE & APPLICABILITY

Our use of Personal Data
This Privacy Policy
Updating this Privacy Policy
What is Personal Data?
Our responsibility to you
Contact Person for Data Protection

PART B – YOUR PERSONAL DATA

Why are we collecting Personal Data about you?
What Personal Data do we collect about you?
Where do we collect your Personal Data from?

PART C – OUR USE OF YOUR PERSONAL DATA

How do we use your Personal Data?
Consent
Do we share your information with anyone else?

PART D – OTHER IMPORTANT THINGS YOU SHOULD KNOW

Keeping your Personal Data safe
Profiling and automated decision making
How long do we keep your Personal Data?
Cross border transfers of your Personal Data

PART E – YOUR RIGHTS

Contacting us and your rights
Your right to complain

PART A – PURPOSE & APPLICABILITY

1. Our use of Personal Data

In connection with providing our services and in compliance with the applicable laws and regulations in the UAE (“Applicable Law”), we collect and Process[1] information, including Personal Data.

2. This Privacy Policy

This is our general Privacy Policy that applies across our firm business operations and website(s).

3. What is Personal Data?

Personal Data is any information referring to an identified or Identifiable Natural Person[2]. This includes information like your name, (e-mail) address and telephone number but can also include less obvious information such as your attendance at a seminar or analysis of your use of our website(s).

Additional protection is afforded under the to Special Categories of Personal Data, i.e. Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

5. Our responsibility to you

We Process your Personal Data in our capacity as a Controller. This means that we are responsible for ensuring that we comply with the DPL when Processing your Personal Data.

PART B – YOUR PERSONAL DATA

1. Why are we collecting Personal Data about you?

We only collect Personal Data about you in connection with providing our services and conducting our normal business operations. We may hold information about you if:

you are a client, a representative of a client and the beneficial owner of a client.
we are required to Process your Personal Data in accordance with Applicable Law, for e.g. anti-money laundering laws
your information is provided to us by a client or others, or we otherwise obtain your information, in connection with the service(s) we are providing a client
you provide services to us (or you represent a company which provides services to us)
you represent a regulator, certification body or government body which has dealings with us
you attend our seminars, webinars, or events, receive our newsletter updates, or visit our offices or websites
you are an applicant for a job with us
you are or were an employee of the Firm

2. What Personal Data do we collect about you?

The types of information we Process about you may include:

Types of Personal Data	Details
Individual details	Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, demographic details, nationality, employer, job title and employment history, and family details, including their relationship to you.
Identification details	Identification numbers issued by government bodies or agencies, such as your passport number, Emirates ID or other national identity number, tax identification number and driving license number, including copies of such government-issued identification document
Financial information	Bank account details, income, source of wealth, source of funds, credit or borrowing history, payment and transactional history from your accounts or other financial information.
Anti-money laundering and sanctions data	Screening information received from various anti-money laundering, counter-terrorism financing and sanctions databases relating to you
Special Categories of Personal Data	Information about your political affiliations or opinions or criminal record, to the extent required for compliance with Applicable Law.
Identifiers	Information which can be traced back to you, such as an IP address, a website tracking code or any other information that may be automatically collected through our Website(s) or any other digital communication or network security applications used by us.

As a policy, we do not normally collect any Special Categories of Personal Data, unless such collection is warranted under specific circumstances.

Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.

3. Where do we collect your Personal Data from?

We may collect your Personal Data from various sources, including:

you
your employer
our clients and our service providers
anti-money laundering and counter-terrorism financing databases, sanctions lists, court judgements and other databases
government agencies and publicly accessible registers or sources of information
by actively obtaining your Personal Data ourselves, for example using website tracking devices
Information that we gather through cookies or similar tracking tools (e.g. pixels) when you use our websites, or web chat services.
While providing our products and services

The sources that apply to you will depend on the purpose for which we are collecting your Personal Data. Where we obtain your information from our client, we may ask them to provide you with the website link for accessing this Privacy Policyto ensure that you know we are Processing your information and the purpose for such Processing.

PART C – OUR USE OF YOUR PERSONAL DATA

1. How do we use your Personal Data?

In this section we set out in more detail:

the main purposes for which we Process your Personal Data
the lawful bases upon which we are Processing your Personal Data

Purpose for Processing

Lawful basis for Processing

Anti-Money Laundering and other legal obligations

We obtain information about our clients and their representatives and beneficial owners and others to help us comply with legislation on money laundering, terrorist financing, and sanctions.

We also collect and disclose Personal Data under applicable legislation and under orders from courts and/or regulators. Our disclosures will be to those bodies and persons who are entitled to receive such information.

In some cases, this information may include Special Categories of Personal Data, to the extent required by us to ensure compliance with Applicable Law.

For Personal Data – Compliance with Applicable Law that we are subject to including without limitation Prevention of Money Laundering Act (PMLA), and the instructions & guidelines issued thereunder.

For Special Categories of Personal Data – To comply with Applicable Law that applies to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime.

Services

We may obtain information about individuals where this is necessary or appropriate to provide services to our clients.

For Personal Data – Performance of an engagement.

Service providers

We collect information about you in connection with your provision of services to us or your position as a representative of a provider of services to us. We do not collect Special Categories of Personal Data for this purpose, other than where we are required to do so to meet our legal obligations (see ‘Anti-Money Laundering and other legal obligations’ above).

For Personal Data – Performance of an engagement.

Seminars, events, updates, and other marketing activities

If you wish to attend our seminars or events or receive our updates, we ask you to provide us with a limited amount of information (normally your work contact details, your employer's name, your job title, and the legal subjects/events of interest). We use this information to communicate with you about our seminars, events, and updates, to ensure that you are an appropriate audience for them, and to conduct analysis for marketing purposes.

We do not collect Special Categories of Personal Data for this purpose.

For all communications with you – Consent from Data Subject.

Visitors to our websites

Where you provide us with Personal Data on our Website(s) for the purpose of inquiring about our services, we will only use it for the purpose for communicating with you in connection to your request.

Most of our websites use a small number of non-intrusive cookies to help them work more efficiently and to provide us with information on how the website is being used.

You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons.

We do not collect Special Categories of Personal Data on our Website(s).

For Personal Data – Legitimate interests for business development purposes

Visitors to our offices

We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g. to investigate an incident).

Visitors to our offices may be required to sign in and sign out at building reception in accordance with the building’s security policies. In addition, we may also maintain visitor records ourselves, which are securely stored and only accessible on a need-to-know basis (e.g. to investigate an incident).

We do not collect Special Categories of Personal Data for this purpose.

For Personal Data – Legitimate interests for information security and physical security purposes

Staff Recruitment

We ask you to provide Personal Data to us as part of your job application. We will also conduct checks in order to verify your identity and the information in your application as well as to obtain further information about your suitability for a role within the Firm. This may include obtaining information from regulators, anti-money laundering databases, sanctions lists, etc.

In some cases, this information will include Special Categories of Personal Data, where such information is required for the purpose of pre-employment verification checks or other employment-related Processing.

For Personal Data – (1) For compliance with Applicable Law that we are subject to; and (2) Legitimate interests to prevent fraud.

For Special Categories of Personal Data – For carrying out our obligations and exercising our rights in the context of the Data Subject’s employment.

Former Staff

We retain Personal Data of former staff members to the extent that we have a statutory obligation to do so.

For all Personal Data - For compliance with Applicable Law that we are subject to

2. Consent

We do not generally Process your Personal Data based on your consent (as we can usually rely on another lawful basis). Where we do Process your Personal Data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact details mentioned in Section 6 above.

3. Do we share your information with anyone else?

We do not share your Personal Data nor make it generally available to others. However, we may share your Personal Data in the following circumstances:

We may Process Personal Data of clients, or representatives or beneficial owners of clients, through screening databases or search engines for identity verification or background screening.
While providing some of our services, we may require the assistance of external professional service providers. The use of these external service providers may involve the service provider receiving your Personal Data from us. We take appropriate measures to protect Personal Data in accordance with the DPL.
We may share your Personal Data with relevant regulators or other authorities, where we are required to do so.

In each case where we share your Personal Data with third parties (except regulators or authorities), we ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential in accordance DPL.

PART D – OTHER IMPORTANT INFORMATION

1. Keeping your Personal Data safe

We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorised disclosure of the Personal Data we Process.

2. Profiling and automated decision making

We do not use profiling (where an electronic system uses Personal Data to try and predict something about you) or automated decision making (where an electronic system uses Personal Data to make a decision about you without human intervention).

3. How long do we keep your Personal Data?

We retain your Personal Data in accordance with our data retention policy which categorises all the information held by us and specifies the appropriate retention period for each category of information. Our data periods are based on the legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

4. Cross-border transfers of your Personal Data

Normally, we do not transfer Personal Data outside the respective jurisdiction, other than in the specific circumstances indicated in Section 13 above.

Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the DPL) take place, we take appropriate data security measures and put in place a contract with the relevant third party that includes the standard data transfer contractual terms approved by the relevant Data Protection Authority, in accordance with the Law.

PART E – YOUR RIGHTS

1. Contacting us and your rights

If you have any questions in relation to our use of your Personal Data, please email us using the contact details provided in Section 6 above.

Subject to certain exceptions outlined in the Law, you have the right to require us to:

provide you with further details on the nature of your Personal Data held by us and the use we make of your Personal Data, including any sharing or transfer thereof;
provide you with a copy of the Personal Data we hold about you;
update any inaccuracies in the Personal Data we hold about you;
delete any of your Personal Data that we no longer have a lawful basis to use or that you have withdrawn your consent for us to Process;
where Processing is based only on consent, stop that particular Processing by withdrawing your consent;
object to any Processing based on our legitimate interests unless our reasons for undertaking that Processing outweigh any prejudice to your data protection rights;
restrict how we use your Personal Data during such time that the accuracy of the Personal Data, the lawful basis for Processing your Personal Data or our overriding legitimate interest in continuing to Process your Personal Data, is being contested by you; and
transfer your Personal Data to you or a third party in a structured, commonly used and machine-readable format, to the extent that such Personal Data is automatically Processed and where the lawful basis for such Processing is your consent or for the performance of a contract.

In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests, or in accordance with other exceptions and limitations specified in the Law.

2. Contact us

If you have any questions, comments and requests related to this Policy, or if you have any complaints related to how we Process your personal data, please contact:

Calling us: +971 4 264 6175
sending an email to: info@bakertilly.ae
Writing to us at the address: Level 20, Sheikh Rashid Tower, Trade Centre, P.O. Box No. 507392, Dubai, Untied Arab Emirates

If the matter remains unresolved, you may contact relevant Data Protection Commissioner.

In the case of Company incorporated in the DIFC-

Data Protection Office

Dubai International Financial Centre Authority

Level 14, The Gate Building

Email: commissioner@dp.difc.ae

In the case of Company incorporated in the ADGM-

ADGM Office of Data Protection

Abu Dhabi Global Market Authorities Building

ADGM Square, Al Maryah Island

PO Box 111999

Abu Dhabi, UAE

Email: data.protection@adgm.com

[1] “Processing” of Personal Data can include any one or more of the following, whether or not by automated means: collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting, erasure or destruction.

[2] Identifiable Natural Person means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and "Identified Natural Person" is interpreted accordingly).