MIDDLE EAST
ADVISORY GROUP

PRIVACY POLICY

Middle East Advisory Group L.L.C

Last Updated: 19th of January, 2026

This Privacy Policy explains how MIDDLE EAST ADVISORY GROUP L.L.C ("ME Advisory Group", "we", "us", "our") collects, uses, discloses, and protects Personal Data when you:

  1. Visit or use https://me-advisorygroup.com (the "Website"), and/or
  2. Contact us, request information, or engage our professional and administrative services (the "Services").

We process Personal Data in a lawful, fair, and transparent manner and in line with applicable UAE data protection requirements, including (where applicable) UAE Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data (PDPL) and its implementing regulations, as may be amended from time to time.

1. WHO WE ARE

  • Data Controller: MIDDLE EAST ADVISORY GROUP L.L.C
  • Location: Dubai, United Arab Emirates
  • Contact (Privacy): privacy@me-advisorygroup.com
  • Address: Boulevard Plaza, Tower 1, Level 9, Sheikh Mohammed Bin Rashid Boulevard, Dubai, United Arab Emirates

Where we act as a "controller", we determine how and why your Personal Data is processed. In limited cases, we may process certain information as a "processor" on behalf of a client entity (for example, where a corporate client shares employee/shareholder information for a defined purpose). In those cases, the client entity may be the controller.

2. DEFINITIONS

  • "Personal Data" means information relating to an identified or identifiable natural person.
  • "Sensitive Personal Data" (where applicable) includes categories such as biometric data, health data, and any other categories designated as sensitive under applicable law.
  • "Processing" means any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
  • "Third Parties" means external entities such as authorities, banks, free zones, partners, and service providers.

3. PERSONAL DATA WE COLLECT

We collect Personal Data in three main ways: (A) data you provide, (B) data collected automatically, and (C) compliance-related data required for regulatory or risk purposes.

A) Information you provide directly

Depending on your relationship with us, we may collect:

  • Identity and contact details: full name, email address, phone number, nationality, date of birth (where relevant), and communication preferences
  • Professional details: company name, position/title, business activity, corporate structure summary
  • Addresses: residential address and/or business address
  • Client onboarding and service delivery details: information needed to understand your requirements and provide Services
  • Identification documents: passport copy, Emirates ID, visas, photographs (where required for applications)
  • Corporate documentation: trade licenses, incorporation documents, shareholder registers, board resolutions, beneficial ownership details
  • Financial and billing details: invoicing details, payment references, bank details (where required for payment processing), and related correspondence
  • Communications: information contained in emails, calls, WhatsApp messages, meeting notes, and other communications with us

B) Automatically collected information (Website usage data)

When you use the Website, we may automatically collect:

  • IP address and approximate location (city/country level)
  • Browser type, device type, operating system, and language settings
  • Pages viewed, time spent, clicks, referral URLs, and site interactions
  • Date/time logs and diagnostic data

This data is typically collected through cookies, pixels, analytics tools, and server logs.

C) Compliance and risk information (KYC/AML/sanctions)

Where Services require compliance checks (or where we reasonably deem it necessary), we may collect:

  • source of funds / source of wealth evidence
  • corporate registry extracts and verification documents
  • Ultimate Beneficial Owner (UBO) information
  • sanctions, PEP (politically exposed person) screening results, adverse media checks
  • due diligence notes and risk assessments

Refusal to provide required compliance information may prevent us from onboarding you or continuing Services.

4. HOW WE USE PERSONAL DATA

We may use Personal Data for the following purposes:

4.1 Service delivery and operations

  • Responding to enquiries and providing requested information
  • Onboarding clients and managing engagements
  • Preparing documents, submissions, applications, and service coordination
  • Communicating with you about your matter, timelines, and requirements
  • Maintaining internal records, project notes, and service history

4.2 Compliance, legal, and risk management

  • Conducting KYC/AML due diligence and sanctions screening
  • Preventing fraud, misuse, or unlawful activity
  • Meeting legal obligations, responding to lawful requests from authorities
  • Maintaining audit trails and compliance logs

4.3 Billing and administration

  • Issuing proposals, engagement letters, contracts, and invoices
  • Processing payments and maintaining financial records
  • Managing disputes, collections, and confirmations

4.4 Website and service improvement

  • Understanding how the Website is used, improving performance and content
  • Security monitoring and protecting against cyber threats
  • Analytics and aggregated reporting (where possible, de-identified)

4.5 Marketing (where permitted)

  • Sending updates, insights, or service announcements (only where you have consented or where lawful under applicable rules)
  • Managing opt-outs and preferences

5. LEGAL BASIS FOR PROCESSING

We process Personal Data on one or more of the following bases (as applicable and permitted under law):

  • Contractual necessity: to provide Services or take steps at your request before entering into an engagement
  • Legal obligation: including AML/KYC, sanctions compliance, regulatory requirements, record retention
  • Legitimate interests: to operate our business, secure systems, improve services, prevent fraud, and manage relationships (balanced against your rights)
  • Consent: for specific activities such as certain marketing communications and non-essential cookies (where required)

Where we rely on consent, you may withdraw it at any time (see Section 11).

6. HOW AND WHEN WE SHARE PERSONAL DATA

We do not sell your Personal Data.

We may share Personal Data where necessary for the purposes described above, including with:

6.1 Authorities and official bodies

  • Immigration and residency authorities
  • Corporate registries, free zone authorities, and licensing bodies
  • Tax authorities (where relevant to your matter)
  • Courts, regulators, and law enforcement (where legally required)

6.2 Banks and financial institutions

  • For account opening coordination, compliance checks, payment confirmations, and related processes

6.3 Real estate and related parties (where you request real estate support)

  • Developers, brokers/agents, landlords, property managers, and related onboarding teams

6.4 Professional advisors and compliance providers

  • External legal counsel, tax advisors, auditors, and corporate service partners
  • Screening and verification service providers (sanctions/PEP/adverse media)
  • Translators, attestation providers, couriers, typing centres, medical centres (where required)

6.5 Technology providers

  • Website hosting providers, email platforms, cloud storage, CRM systems, analytics providers, and cybersecurity vendors

We only share what is reasonably necessary and, where appropriate, require confidentiality and security obligations.

7. INTERNATIONAL TRANSFERS

Your Personal Data may be processed in the UAE and, where necessary for service execution or operational support, in other countries (for example, where cloud servers or third-party professional advisors are located).

Where cross-border transfers occur, we implement appropriate safeguards consistent with applicable UAE requirements. These may include contractual protections, vendor security assessments, access controls, and data minimisation.

8. DATA SECURITY

We use reasonable technical and organisational measures designed to protect Personal Data, including (as appropriate):

  • Access controls and role-based permissions
  • Secure storage and encrypted transmission where feasible
  • Confidentiality obligations for staff and contractors
  • Vendor due diligence and security controls
  • Monitoring for suspicious activity and security incidents

No system is completely secure. You acknowledge that we cannot guarantee absolute security of information transmitted to us online.

9. DATA RETENTION

We retain Personal Data only for as long as necessary for the purposes set out in this Policy, including:

  • Providing Services and maintaining operational records
  • Complying with legal and regulatory obligations (including AML/KYC retention)
  • Resolving disputes and enforcing agreements
  • Maintaining audit trails and business continuity

Retention periods vary by context and may typically range from 5 to 10 years (or longer where required by law, regulatory guidance, or ongoing disputes). We may retain limited records beyond these periods where necessary to establish, exercise, or defend legal claims.

10. YOUR RIGHTS

Subject to applicable UAE law and certain exemptions (especially for compliance obligations), you may request:

  • Access to your Personal Data
  • Correction of inaccurate or incomplete data
  • Deletion where legally permissible (note: we may need to retain certain records for compliance/legal reasons)
  • Restriction or objection to certain processing in some circumstances
  • Withdrawal of consent where processing is based on consent
  • Data portability where applicable and feasible under law

To exercise your rights, email privacy@me-advisorygroup.com. We may need to verify your identity before responding. If you are acting on behalf of another person/entity, we may require proof of authority.

11. MARKETING COMMUNICATIONS

We may send marketing communications only where we have a lawful basis to do so (for example, your consent, or as otherwise permitted). You can opt out at any time by:

  • Using the unsubscribe link (where included), or
  • Emailing privacy@me-advisorygroup.com with your request

Opting out of marketing does not affect service-related communications.

12. COOKIES AND ANALYTICS

We may use cookies and similar technologies to:

  • Ensure Website functionality and security
  • Understand Website usage and performance
  • Improve user experience and content

You can control cookies through your browser settings and, where implemented, via our cookie preference tools. Disabling cookies may affect Website functionality.

13. CHILDREN

The Website and Services are not intended for children. We do not knowingly collect Personal Data from individuals under the age where parental consent would be required under applicable law. If you believe a child has provided data to us, contact privacy@me-advisorygroup.com.

14. THIRD-PARTY WEBSITES

The Website may contain links to third-party sites. We are not responsible for their privacy practices or content. You should review the privacy policies of any third-party sites you visit.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. The updated version will be posted on the Website with a revised "Last Updated" date. Continued use of the Website or Services after updates constitutes acceptance of the updated Policy, to the extent permitted by law.

16. CONTACT US

For privacy-related questions, requests, or complaints:

  • Email: privacy@me-advisorygroup.com
  • Address: Boulevard Plaza, Tower 1, Level 9, Sheikh Mohammed Bin Rashid Boulevard, Dubai, United Arab Emirates