1. Introduction
B-AML ("we", "us", or "our") is a professional AML compliance services firm operating in the United Arab Emirates. We are committed to protecting the privacy and personal data of all individuals who interact with our website at www.b-aml.com (the "Website") and those who engage our services.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in accordance with applicable UAE data protection laws, including Federal Decree-Law No. 45 of 2021 on Personal Data Protection (the "PDPL") and its implementing regulations, as well as any applicable sector-specific regulations issued by the UAE Central Bank (CBUAE) or the Ministry of Economy.
This Policy applies to all personal data collected through: (a) our Website, including all pages and sub-pages; (b) our contact form; (c) our AML Risk Snapshot self-assessment tool at www.b-aml.com/en/form; (d) our newsletter subscription.
By accessing or using our Website or engaging our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
2. Data Controller
B-AML is the data controller responsible for your personal data. You may contact us with any questions regarding your data or this Privacy Policy using the details below:
B-AML Email: contact@b-aml.com Phone: +971 4 589 4111 WhatsApp: +971 52 736 5437 Website: www.b-aml.com Jurisdiction: United Arab Emirates
3. Information We Collect
We may collect and process the following categories of personal data:
3.1 Contact Form
When you submit the contact form, we collect the following information you provide directly:
- First name and last name
- Email address
- Phone number
- Message content
Submission of this form constitutes your agreement to our Terms & Conditions.
3.2 AML Risk Snapshot Assessment
Our free AML Risk Snapshot tool invites visitors to answer up to 10 questions to assess their AML compliance exposure under UAE regulations. The data collected through this tool may include:
- Business sector (e.g. real estate, DPMS, CSP, accounting/audit firm, other)
- goAML registration status
- Business profile and operational details submitted across the assessment sections
The information submitted through this tool may be stored by B-AML and reviewed by our compliance team for the purpose of following up with you regarding our services. If you do not wish your assessment data to be retained, please contact us at contact@b-aml.com.
3.3 Newsletter Subscription
When you subscribe to our newsletter, we collect your email address and, where provided, your name. You may unsubscribe at any time by following the unsubscribe link in any newsletter email or by contacting us directly.
3.4 Automatically Collected Data
When you visit our Website, we automatically collect certain technical and usage data through cookies and tracking technologies, including:
- IP address, browser type and version, device type, and operating system
- Pages visited, time spent on pages, links clicked, and referring URLs.
3.5 Sensitive Personal Data
We do not intentionally collect sensitive or special category personal data (such as health information, political opinions, religious beliefs, biometric data, or criminal records) through our Website. Please do not submit such information via our contact form or assessment tool.
Where the provision of our professional services requires us to process sensitive data (e.g. criminal background information relevant to AML due diligence), we will handle such data in strict accordance with applicable UAE law.
3.6 Data Minimisation
Our policy is to collect only the minimum personal data necessary for the purposes described in this Policy. We do not actively seek demographic information beyond what is required to provide our services.
4. How We Use Your Information
We process personal data for the following purposes, on the following legal bases:
Performance of a contract or pre-contractual steps: responding to your enquiries; delivering AML compliance services including policy drafting, staff training, internal audits, BRAs, and goAML reporting support; and managing our client relationship.
Compliance with legal obligations: fulfilling our obligations under UAE AML/CFT laws and regulations, including Federal Decree-Law No. 20 of 2018 on AML/CFT, Cabinet Decision No. 10 of 2019, and CBUAE circulars; and meeting our own compliance and record-keeping requirements as a regulated professional services provider.
Legitimate interests: improving our Website and user experience; sending newsletters and AML regulatory updates to subscribers; detecting and preventing fraud and misuse; and following up with users who complete the AML Risk Snapshot tool.
Consent: placing non-essential cookies and tracking technologies on your device, where required by applicable law.
6. Disclosure of Personal Data
We do not sell, rent, or trade your personal data. We may share your information with the following categories of recipients only to the extent necessary:
- Regulatory authorities: the UAE Ministry of Economy, the CBUAE, the Financial Intelligence Unit (FIU), or other competent authorities, where required by law or regulation, including for the purpose of filing Suspicious Transaction Reports (STRs) via goAML.
- Service providers: trusted third-party vendors who assist us in operating our Website or delivering our services (e.g., IT infrastructure, communication platforms), bound by appropriate data processing agreements.
- Professional advisors: legal counsel, auditors, or accountants where necessary for the operation of our business.
- Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the relevant successor entity, subject to equivalent privacy protections.
Any disclosure to third parties is conducted in compliance with applicable UAE law and subject to appropriate safeguards.
7. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, including compliance with legal and regulatory retention requirements. In particular:
- Client due diligence and AML compliance records are retained for a minimum of five (5) years following the end of the business relationship, in accordance with UAE AML regulations.
- Website usage data collected through cookies is retained in accordance with the relevant third-party provider’s data retention policies.
- Marketing communications data is retained until you unsubscribe or withdraw consent.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include access controls, secure data storage, encryption where appropriate, confidentiality obligations on staff, and ongoing review of our security practices.
Only authorised B-AML personnel and the third-party processors described in this Policy are granted access to personal data, and they are required to maintain its confidentiality.
No transmission of data over the internet is entirely secure. While we take all reasonable steps to protect your data, you transmit information to us at your own risk.
9. Your Rights
Subject to applicable UAE law, you have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete data.
- Right to erasure: to request deletion of your personal data, subject to our legal retention obligations.
- Right to restriction: to request that we limit the processing of your data in certain circumstances.
- Right to object: to object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at contact@b-aml.com. We will respond to your request within the timeframes prescribed by applicable law.
10. Third-Party Links
Our Website may contain links to third-party websites or platforms (including social media). This Privacy Policy applies solely to our Website and services. We are not responsible for the privacy practices of any third-party sites and encourage you to review their respective privacy policies.
11. International Data Transfers
Your personal data is primarily processed and stored within the UAE. Where data is transferred outside the UAE, we ensure that appropriate safeguards are in place in accordance with the requirements of the PDPL and any applicable implementing regulations, to ensure an equivalent level of data protection.
12. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts of the UAE.
13. Changes to This Privacy Policy
We reserve the right to update or amend this Privacy Policy at any time. Any changes will be published on this page with an updated effective date. We encourage you to review this Policy periodically. Your continued use of the Website following the posting of changes constitutes your acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact us:
B-AML – Data Privacy Email: contact@b-aml.com Phone: +971 4 589 4111 Website: www.b-aml.com Address: United Arab Emirates