loader image

Privacy Policy

1. Introduction and Responsibility

This Privacy Policy is issued by Asma Ali Al Messabi Advocates and Legal Consultants, a law firm established under the laws of the United Arab Emirates, with its principal office located at Defense Road-Hazza’Bin Zayed the First St-Al Nahyan-Zone 1-Abu Dhabi, United Arab Emirates (“Asma Ali Al Messabi Advocates and Legal Consultants”, “we”, “us”, or “our”).

We are dedicated to protecting the confidentiality and integrity of personal information entrusted to us. Our practices comply with applicable UAE data-protection laws, including the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020, the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPD), and Federal Decree Law No. 44 of 2021, which established the UAE Data Office.

The Asma Ali Al Messabi Advocates and Legal Consultants entity with which you engage generally acts as the data controller of your personal data. In specific circumstances, we may act as a data processor, handling information solely in accordance with the written instructions of another controller.

For any queries regarding this Policy or our handling of personal data, please contact us at: info@asmalaw.com

2. Information We Collect

We may collect and process personal information about you in the course of our professional activities, including when you:

  • Reach out to us by telephone, email, our website, or social media channels;
  • Engage us to provide legal or consultancy services;
  • Apply for employment or collaboration opportunities;
  • Visit our premises or attend our events;
  • Subscribe to our newsletters or publications; or
  • Use our online platforms or digital services.

The categories of information we may obtain include:

  • Identification and Contact Data: Full name, postal address, email address, phone number, nationality, date of birth, passport, or Emirates ID details.
  • Professional Details: Occupation, employer, job title, academic or professional credentials.
  • Client-Matter Information: Any material or data provided to us, or obtained on your behalf, in connection with legal services.
  • Financial Information: Bank account details or other payment data required for invoicing or settlement.
  • Technical Information: IP address, browser type, device identifiers, location data, and website-usage metrics.
  • Visitor and Event Data: Meeting or appointment records, CCTV footage, and photographs or recordings taken during events.
  • Special Categories of Data: Where relevant to a legal matter, such as health data or criminal-record information, processed strictly in accordance with applicable law.

We may also receive personal information from third parties, such as counterparties, clients, regulators, or publicly available databases, where this is relevant to the matter concerned.

3. Purposes and Legal Bases for Processing

We handle personal information only where a lawful basis applies, including:

  • Performance of a Contract: to provide the legal or consultancy services requested;
  • Legal Obligation: to comply with statutory or regulatory requirements, including anti-money-laundering and sanctions screening;
  • Legitimate Interests: to manage our business operations, maintain IT security, and develop client relationships;
  • Consent: where you have expressly agreed to receive marketing or informational material;
  • Vital Interests: where processing is necessary to protect you or another person.

4. How We Use Personal Data

Personal information may be used to:

  • Deliver and administer our legal and consultancy services;
  • Correspond with you and manage our professional relationship;
  • Undertake identification and compliance checks (AML / KYC);
  • Manage billing, payments, and accounting records;
  • Enhance our website, communications, and internal processes;
  • Distribute legal updates or event information where you have opted in; and
  • Meet our professional, ethical, and legal responsibilities.

5. Client Communications and Marketing

From time to time, we may contact you with newsletters, legal updates, or invitations to seminars and webinars where you have consented or such communication is otherwise lawful.

You may amend your preferences or unsubscribe at any time by following the link provided in our emails or by writing to info@asmalaw.com.

Limited analytical data (for example, open-rate statistics) may be used solely to improve the relevance of our communications. No sensitive personal information is utilized for marketing purposes.

6. Website Use and Cookies

We employ cookies and comparable technologies to:

  • Enhance site performance and usability;
  • Analyze traffic and browsing patterns; and
  • Support essential functionality and security.

You can adjust or disable cookies through your browser settings; however, doing so may affect certain site features. We may use Google Analytics or similar tools that process anonymized data subject to their own privacy policies.

7. Disclosure of Personal Information

We do not sell or lease personal data. Disclosure occurs only when necessary and on a strictly confidential basis to:

  • Our partners, lawyers, and authorized staff;
  • Service providers such as IT support, cloud storage, translators, couriers, or professional advisers;
  • Courts, arbitral tribunals, regulatory authorities, or government entities, as required by law;
  • Opposing counsel, counterparties, experts, or witnesses involved in a case; and
  • Event organizers or service vendors relevant to a function.

All third parties are required to maintain confidentiality and comply with data protection standards equivalent to those set out in this Policy.

8. International Transfers

Although our operations are based in the UAE, your personal data may be stored or processed on secure servers outside the country or the DIFC.

In all such cases, we ensure that:

  • Appropriate safeguards, such as contractual data-transfer clauses, are in place; and
  • Recipients are bound to handle personal information in accordance with applicable laws and confidentiality obligations.

9. Data Retention

Personal data is retained only for as long as necessary to:

  • Fulfill the purpose for which it was collected;
  • Comply with legal or regulatory requirements; or
  • Assert or defend legal claims.

Once retention is no longer required, data is securely deleted, anonymized, or archived in accordance with our records management policy.

10. Data Security

We apply suitable technical and organizational measures to prevent unauthorized access, alteration, disclosure, or loss of personal information.

While we take reasonable steps to maintain security, please note that no internet-based system can guarantee absolute protection.

11. Confidentiality

In accordance with our professional obligations, Asma Ali Al Messabi Advocates and Legal Consultants maintains the utmost discretion regarding any information entrusted to us by clients or contacts.

All information you provide is treated as confidential and handled in compliance with our ethical duties and the relevant data-protection laws.

We have strict agreements and safeguards in place with employees, consultants, and trusted service providers to ensure confidentiality at all times. This obligation equally applies to information submitted by visitors to our website or through our electronic services.

12. Your Rights

Subject to UAE and DIFC data-protection legislation, you may be entitled to:

  • Access – obtain a copy of personal data held about you;
  • Correction – request rectification of inaccurate or incomplete data;
  • Erasure – request deletion where data is no longer needed or processed unlawfully;
  • Restriction / Objection – request limitation or cessation of specific processing;
  • Portability – request that your data be transferred to another controller;
  • Withdraw Consent – withdraw consent at any time where processing relies on it.

To exercise any of these rights, please contact info@asmalaw.com.

If you believe your rights have been infringed, you may also raise a complaint with the UAE Data Office or the DIFC Commissioner of Data Protection, as applicable.