Privacy Policy

1. Information We Collect

We may collect and process the following categories of personal data:

1.1 Identity and Contact Data

• Full name, title, and date of birth
• Email address and telephone number
• Postal address and country of residence
• Passport number, Emirates ID, and other government-issued identification documents (required for visa and company formation services)
• Nationality and country of birth

1.2 Financial and Business Data

• Business name, structure, and industry
• Payment and billing information (processed through secure third-party payment processors)
• Bank account details where required for banking facilitation services
• Business registration documents and corporate records
• Source of funds declarations where required by applicable regulations

1.3 Technical and Usage Data

• IP address, browser type and version, operating system
• Pages viewed, time spent on pages, and navigation paths on our website
• Device identifiers and cookie data
• Referral source (e.g., search engine or referring website)

1.4 Communications Data

• Enquiries, messages, and correspondence submitted via our contact form or by email
• Records of meetings, calls, and consultations
• Marketing preferences and communication history

2. How We Collect Your Information

We collect your personal data through the following means:

• Direct interactions: When you complete our contact form, send us an email, engage our services, or correspond with us by telephone or in person.
• Automated technologies: When you visit our website, we automatically collect technical data through cookies and similar tracking technologies.
• Third parties: We may receive personal data from referral partners, public registers, government authorities, or other third parties as part of our service delivery.
• Due diligence: For regulatory compliance purposes, we may collect information from publicly available sources, credit reference agencies, or sanctions screening databases.

3. How We Use Your Information

We use your personal data for the following purposes:

• Service delivery: To provide the corporate services you have engaged us for, including company formation, visa processing, banking facilitation, and other services.
• Communication: To respond to your enquiries, provide updates on your application or project status, and maintain our business relationship with you.
• Compliance: To comply with our legal and regulatory obligations, including anti-money laundering (AML), know-your-customer (KYC), and counter-terrorism financing (CTF) requirements.
• Account management: To create and manage your client account and maintain accurate records.
• Marketing: With your consent, to send you information about our services, industry updates, and promotional materials. You may withdraw your consent at any time.
• Website improvement: To analyse how our website is used and to improve user experience.
• Security: To detect, prevent, and address fraudulent or illegal activities.
• Legal proceedings: To establish, exercise, or defend legal claims.

4. Legal Basis for Processing

Where applicable, we process your personal data on one or more of the following legal bases:

• Contractual necessity: Processing is necessary to perform the services contract we have with you or to take steps prior to entering into such a contract.
• Legal obligation: Processing is necessary to comply with our legal and regulatory obligations under UAE law.
• Legitimate interests: Processing is necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights.
• Consent: Where we rely on your consent (e.g., for marketing communications), you have the right to withdraw consent at any time.

5. Sharing Your Information

We do not sell, rent, or trade your personal data. We may share your information with:

• UAE Government Authorities: Including the relevant free zone authorities, the Ministry of Economy, GDRFA, and other regulatory bodies as required to fulfil our services and meet our legal obligations.
• Banking institutions: When facilitating banking introductions, your information will be shared with prospective banking partners with your explicit consent.
• Professional advisers: Including lawyers, auditors, and accountants operating under contractual confidentiality obligations.
• Technology service providers: Third-party software providers who process data on our behalf (e.g., email systems, CRM platforms, cloud storage). These providers are bound by data processing agreements ensuring equivalent data protection standards.
• Payment processors: To process payments for our services. These processors maintain their own privacy policies.
• Law enforcement: Where required by law, court order, or governmental authority.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us improve your browsing experience and understand how our website is used.

6.1 Types of Cookies We Use

• Strictly necessary cookies: Essential for the website to function correctly. These cannot be disabled.
• Analytical cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are set only with your consent.
• Functional cookies: Allow the website to remember your preferences and provide enhanced features.
• Marketing cookies: Track your browsing to deliver relevant advertising. Used only with your consent.

6.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website. For more information, visit allaboutcookies.org.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, including satisfying legal, regulatory, accounting, or reporting requirements.

As a general guideline:

• Client records: Retained for a minimum of 7 years following the end of our business relationship, in accordance with UAE commercial and regulatory requirements.
• KYC and AML documentation: Retained for a minimum of 5 years following the termination of the business relationship, as required by UAE AML regulations.
• Marketing data: Retained until you withdraw your consent or request deletion.
• Website analytics data: Retained in aggregated form; raw data deleted after 26 months.
• Enquiry data (non-clients): Retained for 12 months following your initial enquiry, then securely deleted.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• Encrypted data transmission using TLS/HTTPS protocols
• Access controls limiting data access to authorised personnel on a need-to-know basis
• Secure cloud storage with reputable providers
• Regular security assessments and staff training
• Confidentiality obligations in all staff and contractor agreements

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

9. International Data Transfers

As a company operating in the UAE providing services to international clients, we may transfer your personal data to countries outside the UAE. Where such transfers occur, we ensure that appropriate safeguards are in place, such as standard contractual clauses or transfers to countries with equivalent data protection standards recognised by the UAE data protection authority.

10. Your Rights

Under applicable UAE data protection law, you have the following rights regarding your personal data:

• Right to access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete data.
• Right to erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to our legal obligations to retain certain records.
• Right to restriction: You may request that we restrict processing of your data in certain circumstances.
• Right to data portability: You may request that we transfer your data to another service provider in a structured, machine-readable format, where technically feasible.
• Right to object: You may object to processing based on our legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@aurumgateway.ae. We will respond within 30 days. We may need to verify your identity before processing your request.

11. Children's Privacy

Our services are directed at adults and businesses. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete that data promptly.

12. Third-Party Links

Our website may contain links to third-party websites, including government portals, free zone authorities, and banking institutions. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting an updated version on our website with a revised "Last Updated" date. Where required by law, we will seek your renewed consent. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

If you are not satisfied with our response, you may have the right to lodge a complaint with the UAE data protection authority or another competent supervisory authority in your country of residence.