Privacy Policy

At AZ&Co. Legal, including its subsidiaries and/or affiliates (hereinafter referred to as "we," "our," "us," or "AZ&Co. Legal"), we are committed to safeguarding the privacy and security of our clients' and website visitors' personal data ("User," "Customer," "you," "your"). We are committed to transparency and to ensuring that you understand how your personal data is collected, used, and protected, as well as the rights available to you under applicable law.

​

When you interact with us through any of our channels, we may collect certain information about you. Where such information can be used to identify you directly or indirectly, it constitutes "personal data" or "personal information". We process personal data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data of the United Arab Emirates ("PDPL"), its Executive Regulations, Cabinet Resolution No. 33 of 2024 (Executive Regulations of the PDPL), and other applicable data protection laws and regulations, including those governing cross-border data transfers. 

​

1. WHO WE ARE 

​

For the purposes of the PDPL and other applicable data protection laws, AZ&Co. Legal is the Data Controller and is responsible for determining the purposes and means of processing your personal data. This Privacy Policy, together with our terms of engagement, explains how we collect, use, store, share, and protect your personal data, and outlines your rights in relation to such data when you engage our legal services, visit our website (https://azcolegal.com/), or otherwise interact with us. We may also collect personal data from third parties, as further described below. 

 

By accessing our website or engaging us for services, you acknowledge that you have read and understood this Privacy Policy. By accessing our website or engaging us for services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must immediately cease using our website and services.

​

2. WHAT PERSONAL DATA DO WE COLLECT 

​

We collect different categories of personal data depending on the nature of our relationship with you. This may include, but is not limited to: 

​

a. Identity Data: Name, date of birth, nationality, passport or national ID details, residency or visa information. 

b. Contact Data: Residential or business address, email address, telephone numbers.

c. Financial Data: Bank account details, payment card details, financial records, tax-related information, billing and payment history. 

d. Professional Data: Occupation, employer, job title, professional qualifications, and business contact details. 

e. Case-Related Data: Information relevant to the legal matter for which you engage us, which may include special categories of personal data or sensitive personal data (such as health information, criminal records, biometric data, or other data protected under applicable law), where such processing is lawful and necessary for the provision of our legal services or to comply with legal obligations. 

f. Technical Data: Internet Protocol (IP) address, browser type and version, time zone settings, approximate location, operating system, device type, and other technology identifiers used to access our website. 

g. Usage Data: Information about how you use our website, platforms, and services. 

h. Marketing and Communications Data: Preferences in receiving communications from us and records of your interactions with us. 

​

We collect personal data directly from you, from publicly available sources, and from third parties (such as government authorities, courts, counterparties, financial institutions, or service providers) where necessary for the provision of our services or as permitted by applicable law.

 

3. HOW WE COLLECT YOUR PERSONAL DATA 

​

a. Information you provide 

​

When you visit our website or utilise the “Contact Us” feature through interactive elements, online forms, email, or other communication methods, you voluntarily provide us with personal information such as your name, email address, phone number, and any other details you choose to share. We also maintain social media pages on platforms like Facebook, Twitter, Instagram, and LinkedIn. When you interact with these pages—by sending messages, commenting, or sharing content you give us access to technical and identity data. Additionally, the hosting providers of these platforms may share aggregate data and analytics related to your interactions. We collect the information you submit when completing surveys, questionnaires, or forms. If you are a current or prospective client seeking our services, we may gather identity, contact, financial, professional, and case-related data as required for the specific services. Likewise, if you apply for a position at AZ&Co. Legal, you may be asked to provide your CV, which could include your personal, contact, professional, and financial data. 

​

b. Information we collect from third parties 

​

We may collect personal data about you from third parties, in accordance with the law and where relevant to the services we provide or our legitimate business operations. These sources include publicly available registers, court records, land registries, and other accessible databases. Additionally, information may be obtained from involved parties such as opposing counsel, courts, tribunals, expert witnesses, financial institutions, government agencies, and other legal entities related to your case. We may also receive data through professional networks and referrals from individuals or organizations directing you to our services. Furthermore, background check providers may supply information for employment purposes or as part of our due diligence processes for specific client engagements. 

 

c. Information we collect automatically 

​

When you visit or interact with our website or digital platforms, we may automatically collect certain technical data, including device identifiers, IP address, browser and operating system information, usage patterns, referring URLs, and cookies. This information helps us understand how our website is used and enables us to improve functionality, performance, and security. 

​

4. HOW AND WHY DO WE USE YOUR PERSONAL DATA 

​

We collect and process personal data only for specific, explicit, and legitimate purposes, and only where we have a lawful basis under applicable data protection laws. These purposes and legal bases include the following: 

​

a. Where we have your consent 

​

Where required by law, we process personal data based on your consent, including when you agree to our engagement terms, subscribe to communications, or otherwise provide explicit permission for specific processing activities. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. 

 

b. To perform a contract 

​

We process personal data where necessary to perform our contractual obligations to you or to take steps at your request prior to entering into a contract. This includes client onboarding, service delivery, billing, payment processing, and communications relating to your engagement. 

 

c. To comply with legal and regulatory obligations 

​

We process personal data to comply with our legal and regulatory obligations, including obligations relating to anti-money laundering (AML), know-your-client (KYC), professional conduct, record keeping, taxation, accounting, and regulatory compliance, as well as to ensure the security of our systems and data. 

 

d. For our legitimate interests

​

We may process your personal data where it is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: improving and developing our services; maintaining the security and integrity of our systems; fraud prevention and detection; and conducting internal administrative activities. Where we rely on this basis, we carry out a balancing assessment to ensure that our interests do not unduly prejudice your rights.

 

e. For legal claims and vital interests

​

We may process personal data where necessary to establish, exercise, or defend legal claims, or where processing is required to protect the vital interests of you or another individual in exceptional circumstances.

​

To the maximum extent permitted by applicable law, AZ&Co. Legal expressly reserves the right to process personal data necessary for the defence of any claim, complaint, regulatory investigation, or disciplinary proceeding brought against or involving AZ&Co. Legal or its personnel, without requiring separate consent from the data subject in respect of such processing.

 

5. HOW WE SHARE YOUR PERSONAL DATA 

​

We disclose personal data only where necessary and in accordance with applicable law, including to the following categories of recipients: 

​

a. Our Employees: Authorised legal and administrative personnel on a need-to-know basis. 

b. Service Providers: Third-party providers supporting our operations, including IT services, secure cloud storage providers, payment processors, and professional advisors. 

c. Other Legal Professionals: Courts, tribunals, opposing counsel, experts, and other professionals involved in legal matters. 

d. Government and Regulatory Authorities: Where disclosure is required by law or pursuant to lawful requests. 

e. Courts and Tribunals: In connection with legal proceedings. 

f. Business Transfers: Successors or third parties in the event of a merger, restructuring, or transfer of assets, subject to appropriate safeguards. 

​

We ensure that all third parties who process personal data on our behalf are contractually obligated to protect your data in accordance with applicable data protection laws and our own standards. We do not sell, rent, or otherwise commercially exploit your personal data to third parties for their own marketing purposes.

​

6. USE OF COOKIES AND THIRD-PARTY LINKS 

​

We may employ both temporary (session) and persistent cookies, along with tags, scripts, and similar technologies, to enhance your experience on our website and to better understand your interactions. These tools help us identify users, track website navigation, gather demographic information, analyse the effectiveness of email campaigns, and facilitate targeted engagement by monitoring activities on our platforms. 

​

We may utilise third-party tracking services such as Google Analytics and Google Tag Manager to gain insights into visitor behaviour, allowing us to improve our services and website performance. Additionally, our pages may incorporate web beacons or pixels, small electronic files designed to count visitors, monitor activity over time and across different sites, track email interactions, identify cookies or device-specific identifiers, and collect related information. This data may be linked to your unique browser, device ID, or IP address. Most web browsers accept and maintain cookies by default. 

​

By law, we are required to set only essential cookies necessary for website operation. You can modify your cookie preferences through your browser’s ‘Help’ or ‘Settings’ menu; however, altering these settings may limit your access to certain website features. 

​

Our website may provide links to third-party websites for your information. If you access those links through our website, you will leave our website. We do not own and control those sites, their content, or their privacy practices. We encourage you to review the privacy policy of any website before submitting your personal information. AZ&Co. Legal accepts no liability whatsoever for the content, products, services, privacy practices, or security measures of any third-party website linked from our website. The inclusion of any link does not constitute an endorsement, recommendation, or approval by AZ&Co. Legal of the linked website or its operators.

​

7. INTERNATIONAL DATA TRANSFERS 

​

As we regularly serve clients internationally, it may be necessary to transfer personal data outside the UAE, particularly if you are located outside the UAE or if your services involve parties or jurisdictions outside the UAE. Our third-party service providers, such as IT support and cloud storage providers, may also process your data globally and may be located outside the UAE. 

​

When transferring your personal data outside the UAE, we ensure that adequate safeguards are in place in accordance with UAE PDPL and the requirements of Cabinet Resolution No. 33 of 2024. We transfer personal data internationally only where: 

(i) the destination country has been recognised by the UAE Data Office as providing an adequate level of data protection;

(ii) appropriate safeguards are in place, including standard contractual clauses or binding corporate rules that mandate protections equivalent to those required under UAE law; or 

(iii) you have provided your explicit, informed consent to the transfer after being informed of the possible risks.

 

We shall maintain records of all cross-border data transfer mechanisms relied upon and shall make such records available to the relevant supervisory authority upon request. Recipients of personal data transferred internationally are required to provide equivalent protections and are prohibited from further transferring the data without our prior written consent.

​

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA 

​

We will only retain your personal data for as long as is reasonably necessary to fulfillthe purposes for which it was collected. Our retention periods are determined by considering our legal, regulatory, professional, and contractual obligations. 

​

We are required to retain certain personal data for a significant period after the conclusion of a matter. This is necessary to comply with our professional responsibilities, for the establishment or defence of legal claims, and to meet our legal and regulatory record-keeping obligations. In particular, and without limitation, AZ&Co. Legal retains client files and associated personal data for a minimum period of seven (7) years following the conclusion of the relevant engagement, or such longer period as may be required by applicable law, regulatory guidance, or the terms of our professional indemnity insurance. AML/KYC records are retained for a minimum of five (5) years from the date of the transaction or the end of the business relationship, in accordance with Federal Decree-Law No. 20 of 2018 and its amendments.

​

Where we process your data based on your consent, we will retain your data until you notify us that you wish to withdraw your consent, subject always to any overriding legal or regulatory retention obligation. Once the applicable retention period has expired, your personal data will be securely and permanently destroyed or anonymised so that it can no longer be associated with you.

​

9. YOUR RIGHTS AND CHOICES 

​

Subject to applicable law and any overriding legitimate interests or legal obligations of AZ&Co. Legal, you have the following rights with respect to our processing of your personal data:

​

a. Access: You have the right to request a copy of the personal data we hold about you. However, this right may be limited where providing the information would disclose data about another individual, where it would prejudice legal proceedings, or where disclosure is otherwise restricted by law.

​

b. Accuracy: We strive to keep your personal data accurate, up-to-date, and complete. Please contact us if your data changes or if you notice any inaccuracies, so we can update our records accordingly. 

​

c. Objection and Restriction: In certain circumstances, you may object to or request that we restrict the processing of your personal data. AZ&Co. Legal will assess such requests in accordance with applicable law and reserves the right to continue processing where required by legal or regulatory obligation, or in the exercise or defence of legal claims.

​

d. Portability: You may request that certain of your personal data be provided to you or transferred to another data controller in a structured, commonly used, and machine-readable format, where technically feasible and where such transfer does not adversely affect the rights of others.

​

e. Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where it has been unlawfully processed. This right is subject to AZ&Co. Legal's overriding legal and regulatory retention obligations and its right to retain data for the establishment, exercise, or defence of legal claims.

​

f. Withdrawal of Consent: Where we rely on consent as the legal basis for processing, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

​

g. Complaints: You have the right to lodge a complaint with the UAE Data Office or any other relevant supervisory authority if you believe your data protection rights have been violated.

​

To exercise any of the above rights, please contact us at the details provided in Section 12 below. We may require you to verify your identity before processing your request. We will respond to all valid requests within thirty (30) calendar days of receipt, unless the complexity or volume of requests necessitates an extension, in which case we will notify you within the initial 30-day period. 

​

10. HOW DO WE KEEP YOUR INFORMATION SAFE? 

​

We have put in place robust technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures include:

​

a. Encryption: All data, particularly sensitive client information, is encrypted both during transmission and while stored. We utilise Tresorit's end-to-end encryption and zero-knowledge architecture to ensure your data remains highly secure in the cloud.

b. Access Controls: Strictly enforced to ensure that only authorised personnel can access your data on a need-to-know basis, supported by role-based access protocols.

c. Regular Security Audits: We conduct regular reviews and updates of our security protocols to address evolving threats and technologies.

d. Staff Training: All personnel receive ongoing training on data protection and cybersecurity best practices.

 

Notwithstanding the above, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data using commercially reasonable measures, AZ&Co. Legal cannot guarantee absolute security and shall not be liable for any unauthorised access, disclosure, or loss of personal data that occurs despite such measures being in place, to the fullest extent permitted by applicable law. You are responsible for maintaining the confidentiality of any access credentials used to access our services.

​

11. CHANGES TO THIS POLICY 

​

We may update this Privacy Policy periodically. Material changes that affect the way in which we process your personal data will be communicated to you by email (to the address on file) or by prominent notice on our website at least fourteen (14) days prior to the change taking effect, unless a shorter period is required by law. Non-material updates (such as formatting or typographical corrections) may be made without advance notice. Continued use of our website or services following notification of a material change shall constitute acceptance of the revised Policy.

We encourage you to review this Privacy Policy regularly. The most current version is available via our website and may be incorporated into our engagement letters, terms and conditions of engagement, or other relevant documents as appropriate.

​

12. LIMITATION OF LIABILITY 

​

To the fullest extent permitted by applicable law, AZ&Co. Legal and its affiliates, directors, officers, employees, and agents shall not be liable for any indirect, incidental, consequential, special, or punitive damages arising out of or in connection with this Privacy Policy, the processing of personal data in accordance herewith, or any breach or alleged breach of this Privacy Policy, except where such liability cannot be excluded under applicable law.

 

Nothing in this Privacy Policy constitutes legal advice or creates an attorney-client relationship. This Policy is an operational and compliance document governing the processing of personal data by AZ&Co. Legal.

 

13. CONTACT US 

​

If you have questions, concerns, or complaints regarding our processing of your personal data, you may contact our Data Protection Officer: 

Organisation: AZ&Co. Legal

DPO Name: Aleena Zahid

Email: Aleena.zahid@azcolegal.com

Address: 217-54, Business Village Block B, Port Saeed, Deira,

Dubai, United Arab Emirates

 

You also have the right to lodge a complaint with the UAE Data Office. AZ&Co. Legal encourages you to contact us in the first instance so that we may address your concerns directly before escalating to any supervisory authority.

 

Thank you for trusting AZ&Co. Legal with your personal information.