PRIVACY POLICY

Last updated: September 2025

We respect your privacy and are committed to protecting your personal information. This policy explains how we collect, use, and protect your data when you interact with us or use our website. We have a separate policy which sets out similar information relating to the cookies that we use, which can be found here.

1. Who we are

Owla Consulting is a UAE-based law firm. As we have clients worldwide, we are subject to diverse data protection regimes of the jurisdictions in which we operate. We strive to comply with all data protection laws that affect us. This policy reflects standard of protection of personal information set out in the Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPL), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and repealingDirective 95/46/EC (General Data Protection Regulation) OJ L119/1, 4.5.2016 (EU GDPR), and Data Protection Act 2018 and the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) (UK GDPR).

2. Controller

We are the data controller under the laws set out in paragraph 1 above and are responsible for your personal data.

3. What personal data we collect

Depending on how you work with us, we may collect:

· identity and contact details (includes name, company, job title, email, phone, address);

· financial details (includes billing information, payment details, engagement documents);

· case-related data (includes information that you or third parties provide in the context of your legal matters);

· technical data (includes IP address, your login data, volume of traffic, device/browser information, cookies);

· profile data (includes your username and password, requests made by you, feedback and survey responses);

· marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

We generally do not collect sensitive data (e.g. health, religion, criminal records), unless required for legal or regulatory reasons.

Our services are not directed to children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information as soon as possible.

4. How we collect your personal data

We use different methods to collect data from and about you including:

· directly from you (emails, calls, meetings, forms, contracts);

· through your use of our website (cookies, analytics);

· through third parties or publicly available sources (public databases, regulators, service providers, professional networks);

· by virtue of our access to CCTV footage;

· otherwise through providing our legal services and operating our business.

5. How we use your personal data

We process your personal data only where we have a valid legal basis under applicable data protection laws:

· to enter into a contract with you (e.g. to check whether we can act for you as a new or existing client);

· to deliver our services and manage our relationship with you;

· to handle billing, payments, and administration;

· to communicate updates, events, or legal insights (if you have agreed);

· to comply with a legal obligation to which we are subject, e.g. anti-money laundering and prevention of other criminal activities;

· to process legal claims;

· for referral purposes;

· where you have given us your explicit consent for a specific purpose. You may withdraw your consent at any time (see paragraph 11 below).

We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by contacting us. If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

We do not use your personal data for automated decision-making, including profiling, that produces legal effects or similarly significant effects concerning you.

6. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, see our Cookie Policy here.

7. Sharing your personal data

We may share your personal data with:

· our staff and trusted service providers (IT support, accountants, advisors);

· regulators, courts, or authorities if legally required;

· other third parties only with your consent (e.g. referrals).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We never sell your personal data.

8. International transfers

Because we work with global clients, your data may be transferred outside your country.

Whenever we transfer your personal data worldwide, in particular outside theEuropean Economic Area (EEA), the United Kingdom, or the UAE, we ensure that appropriate safeguards are in place to protect your data. These safeguards may include:

· transfers to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK government;

· use of Standard Contractual Clauses (SCCs) or other approved contractual mechanisms;

· binding Corporate Rules (BCRs) where applicable.

Moreover, your personal information that is shared or stored outside of Owla Consulting will be limited to the minimum required for the relevant purpose.

You may contact us for further information about the specific safeguards applied to your data.

9. How we keep your data safe

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

10. How long we keep personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. In practice, this usually means retaining data for 6years after the end of a client engagement, unless a longer retention period is required by law or professional obligations.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11. Your rights

You have rights under data protection laws in relation to your personal data to:

· request access to your personal data;

· request correction of your personal data;

· request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;

· request restriction of processing of your personal data in certain circumstances;

· request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible;

· object any time to processing of your personal data, including for direct marketing purposes or where processing is based on our legitimate interests;

· withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent;

· request information about, and object to, any automated decision-making or profiling that produces legal or similarly significant effects;

· be notified of certain personal data breaches.

If you wish to exercise any of the rights set out above, please contact us (see Contact details in paragraph 12 below).

12. Contact details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

📧 Email address: info@owlaconsulting.com

📍 Postal address: S16W85B Shed No.16 - Al Hulaila FZ, Al Hulaila Industrial Free Zone, RAK, United Arab Emirates

13. Complaints

Please direct any complaint relating to how the firm has processed your personal information to info@owlaconsulting.com. You may also write to us at S16W85B Shed No.16-Al Hulaila FZ, Al Hulaila Industrial Free Zone, RAK, United ArabEmirates. We hope that we can resolve any query or concern you raise about our processing of your personal information.

The applicable data protection laws give you the right to lodge a complaint with a data protection supervisory authority (DPA), usually in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. Details of EU Member State DPAs and EEA DPAs can be found here. Details of the UK DPA can be found here. The UAE DPA, UAE Data Office, is not yet operational.

14. Updates  

We may update this policy from time to time.Please check back periodically for the latest version.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

15. Third-party links  

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Cookie Settings