PRIVACY POLICY

1. Introduction

Al Samily LLC (“Al Samily,” “we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of individuals who visit our website www.alsamily.com (the “Website”) or interact with us in any way.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information. It applies to all visitors, prospective clients, counterparties, partners, and users of our Website and related communications.

By using this Website or providing personal data, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Scope and Legal Framework

This Policy aligns with the EU General Data Protection Regulation (GDPR), the UAE Data Protection Law (Federal Decree-Law No. 45 of 2021), and the DIFC Data Protection Law 2020, as applicable.

We recognize data protection as a fundamental right and apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.

3. Information We Collect

We collect and process information that identifies, relates to, or could reasonably be linked to you (“Personal Data”) in the following categories:

A. Information You Provide Directly

  • Identification Data: Full name, title, organization, country of residence.

  • Contact Details: Email address, telephone number, postal address.

  • Professional Details: Job title, employer name, government department or institution.

  • Inquiry Content: Information you voluntarily submit via forms or emails, such as messages about projects or services.

  • Event or Subscription Data: Registration details for briefings, updates, or newsletters.

B. Information Collected Automatically

When you visit our Website, we automatically collect:

  • IP address and approximate location;

  • Browser type, language settings, device information;

  • Operating system, referring URLs, and usage patterns;

  • Date and time of access and session duration;

  • Interaction metrics (e.g., page views, click paths).

This data helps us analyze traffic and maintain cybersecurity.

C. Information from Third Parties

We may receive information from:

  • Analytics providers (Google Analytics or similar);

  • Publicly available sources and government registers;

  • Professional networks and business partners;

  • Advisory counterparties or consultants in the course of engagement.

4. Purpose of Processing

We process Personal Data for clearly defined, lawful purposes, including:

  1. Responding to Inquiries – To respond to messages submitted through the Website, email, or phone.

  2. Client Relationship Management – To evaluate potential collaborations, prepare proposals, and manage ongoing engagements.

  3. Regulatory Compliance – To comply with know-your-client (KYC), anti-money laundering (AML), and sanctions obligations.

  4. Business Operations – To improve our services, conduct analytics, and enhance Website performance.

  5. Marketing and Communications – To share relevant updates or insights where lawful and subject to opt-out rights.

  6. Recruitment – To process applications or expressions of interest in employment or collaboration.

  7. Legal and Risk Management – To exercise or defend legal claims and maintain records consistent with regulatory requirements.

We do not process Personal Data for purposes incompatible with those listed.

5. Legal Bases for Processing

Depending on context, we rely on one or more of the following legal bases:

  • Consent: Where you have freely given explicit permission (e.g., to receive updates).

  • Contractual Necessity: Processing needed to prepare or perform a contract with you or your organization.

  • Legal Obligation: To satisfy applicable laws and regulations (AML, sanctions screening, record retention).

  • Legitimate Interests: To operate and improve our services in a way that does not override your rights.

  • Public Interest: In limited cases where advisory work supports governmental or development objectives.

6. Cookies and Tracking Technologies

Our Website uses cookies and similar tools to ensure functionality and measure performance. Categories include:

  • Essential Cookies: Required for basic site operation.

  • Analytics Cookies: Aggregate usage statistics to understand traffic patterns.

  • Functional Cookies: Remember language or region preferences.

  • Security Cookies: Assist in fraud prevention and login protection (if applicable).

You can control cookies through browser settings or our cookie banner. For details, see our Cookie Policy.

7. How We Use Personal Data

We use your information to:

  • Deliver services and tailored advice;

  • Facilitate communications and meeting arrangements;

  • Administer Website functionality and user experience;

  • Detect and prevent security incidents;

  • Fulfill legal and contractual obligations;

  • Support internal training and quality assurance.

Personal Data is never sold or commercialized.

8. Data Sharing and Disclosure

We do not disclose your Personal Data except as described below and always on a need-to-know basis.

A. Within Al Samily Group

Access is limited to employees and authorized consultants who require it to perform their duties, subject to confidentiality obligations.

B. Service Providers

We may share data with carefully selected vendors who assist in:

  • Website hosting and maintenance;

  • Cloud storage and IT security;

  • Communications and analytics platforms;

  • Professional auditors, legal counsel, and compliance advisors.

Such providers are bound by contractual data-protection obligations.

C. Regulatory and Legal Authorities

Where required by law or court order, we may disclose information to regulators, law-enforcement bodies, or government entities.

D. Business Transfers

In the event of a merger, reorganization, or asset transfer, Personal Data may be transferred subject to appropriate safeguards.

9. International Data Transfers

Given our global activities, your Personal Data may be transferred to and processed in countries outside your own.

Where such transfers occur, we ensure adequate protection through mechanisms such as:

  • Adequacy decisions by regulators;

  • Standard Contractual Clauses approved under GDPR;

  • Binding corporate rules or equivalent safeguards;

  • Explicit consent from you where required.

10. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes set out herein or as required by law. Typical retention periods are:

  • General inquiries: up to 24 months after last contact;

  • Client engagement records: 10 years following completion or as mandated by regulations;

  • Marketing subscriptions: until you unsubscribe;

  • Recruitment records: 12 months from application date.

After expiration, data is securely deleted or anonymized.

11. Data Security

We employ technical and organizational measures to protect data from unauthorized access, loss, alteration, or disclosure, including:

  • Encryption of data in transit and at rest;

  • Access controls and multi-factor authentication;

  • Employee training and confidentiality agreements;

  • Regular security audits and monitoring;

  • Business continuity and disaster-recovery protocols.

Despite these measures, no system is entirely secure, and we cannot guarantee absolute protection.

12. Your Rights

Subject to applicable law, you have the following rights regarding your Personal Data:

  1. Access: Request confirmation of whether we process your data and obtain a copy.

  2. Rectification: Request correction of inaccurate or incomplete information.

  3. Erasure: Request deletion of data when no longer necessary or processed unlawfully.

  4. Restriction: Ask us to limit processing under specific circumstances.

  5. Portability: Receive data in a structured, machine-readable format where processing is based on consent or contract.

  6. Objection: Object to processing for legitimate-interest or direct-marketing purposes.

  7. Withdrawal of Consent: Withdraw consent at any time without affecting prior lawfulness.

  8. Complaint: Lodge a complaint with a competent data-protection authority.

To exercise these rights, email hello@alsamily.com. We may verify identity before acting on requests.

13. Children’s Privacy

Our Website is not intended for individuals under 18 years of age, and we do not knowingly collect data from minors. If we become aware of such collection, we will delete the information promptly.

14. Marketing and Communication Preferences

We may send you communications about our services or insights that we believe are relevant to your professional interests. You can unsubscribe at any time by clicking the link in emails or contacting us directly.

We do not use automated decision-making or profiling for marketing.

15. Third-Party Websites and Links

Our Website may link to external sites not controlled by Al Samily. We are not responsible for the content, security, or privacy practices of those sites. Users should review the policies of any third party before providing personal information.

16. Social Media and External Platforms

Al Samily may maintain pages on LinkedIn or other professional platforms. When you interact with our pages, the platform may collect information according to its own policies. We receive aggregated insights but do not control their data-processing activities.

17. Automated Decision-Making and Profiling

We do not use automated systems to make decisions that produce legal or significant effects on individuals. All evaluations and recommendations are subject to human review and professional judgment.

18. International Compliance and Cross-Border Operations

Because we serve sovereign and institutional clients across jurisdictions, we implement global data-governance standards that satisfy the highest applicable requirements. Our policies extend to affiliates and partners who process data on our behalf under strict confidentiality.

19. Legal Obligations and Enforcement Requests

We may process and disclose information to comply with legal duties, including court orders, subpoenas, law-enforcement requests, or regulatory investigations. Where permitted, we will seek to notify affected individuals before disclosure.

20. Data Breach Notification

In the unlikely event of a personal-data breach likely to result in risk to individuals, we will take immediate steps to mitigate impact and notify competent authorities and affected individuals in accordance with applicable law.

21. Record Keeping and Accountability

We maintain records of processing activities and periodically review compliance with this Policy. Data-protection impact assessments are conducted for new or high-risk initiatives. Employees receive ongoing privacy training.

22. Transfers involving Government or Sovereign Data

When we handle information related to government projects or sovereign clients, we apply enhanced confidentiality controls, including restricted storage, encryption, and data segregation. Such information is used solely for the contractual purpose for which it was collected.

23. Information Integrity and Accuracy

We take reasonable steps to ensure that Personal Data is accurate, complete, and up to date. You are encouraged to inform us promptly of any changes to your details.

24. Cross-Reference to Other Policies

This Privacy Policy forms part of our overall governance framework and should be read in conjunction with our:

  • Terms of Use

  • Cookie Policy

  • Legal Disclaimer

  • Accessibility Statement

Together they constitute the full legal and ethical framework of our online presence.

25. Changes to This Privacy Policy

We may update this Policy periodically to reflect operational, legal, or regulatory developments. Updates take effect upon posting to the Website. The “Effective Date” above indicates the latest revision.

Where required by law, we will notify you of significant changes and, if necessary, seek renewed consent.

26. Governing Law and Jurisdiction

This Policy and any disputes arising from it are governed by the laws of the United Arab Emirates, as applicable in the Emirate of Dubai, without regard to conflict-of-law principles.

Disputes shall be subject to the exclusive jurisdiction of the Dubai Courts, unless arbitration is agreed upon in writing.

27. Contacting Us

If you have questions, concerns, or wish to exercise your data-protection rights, please contact:

Data Protection Officer
Al Samily LLC
6th Floor, Meydan Grandstand
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates
Email: hello@alsamily.com

We aim to respond to all legitimate requests within one month.

28. Acknowledgment

By continuing to use this Website, you acknowledge that you have read, understood, and agreed to this Privacy Policy and that your data will be handled in accordance with its terms.