1. Introduction
a. This Data Protection and Privacy Policy ("Policy") is designed to help you understand how Prosperity Partners Consultancy Ltd ("Company") collects, uses, discloses, and protects your Personal Data, in accordance with the Data Protection Law, DIFC Law No. 5 of 2020 ("DIFC DP Law") and the DIFC Data Protection Regulations. We are committed to ensuring the confidentiality, integrity, and security of all personal data handled by us.
2. Definitions
a. For the purposes of this Policy, the following terms shall have the meanings specified below:-
i. "Consent" of the Data Subject means a freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
ii. "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
iii. "Data Protection Officer (DPO)" refers to an individual appointed by the Controller or Processor who is responsible for overseeing data protection strategy and implementation to ensure compliance with data protection laws and regulations.
iv. "Data Subject" refers to the identified or identifiable natural person whose Personal Data is processed by the Company.
v. "Personal Data" refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
vi. "Personal Data Breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
vii. "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
viii. "Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
ix. "Profiling": Any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
x. "Special Categories of Personal Data" include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
xi. "Supervisory Authority": The independent public authority established pursuant to Article 37 of the DIFC DP Law, responsible for monitoring the application of data protection regulations to protect the rights and freedoms of natural persons in relation to processing.
xii. "Third Party": A natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
3. Applicable Data Protection Laws and Regulations
a. The data protection laws and regulations applicable to the Company are as follows:-
i. DIFC Data Protection Law, DIFC Law No. 5 of 2020;
ii. DIFC Data Protection Regulations 2020;
iii. Relevant guidelines and directives issued by the DIFC Commissioner of Data Protection, which may include additional obligations or best practice recommendations to ensure compliance and protection of Personal Data.
b. The DIFC Data Protection Law prescribes rules regarding the collection, handling, disclosure, and use of personal data, the rights of individuals to whom the personal data relates, and the role of the Commissioner of Data Protection.
PART A – PURPOSE & APPLICABILITY
4. Identity
a. Prosperity Partners Consultancy Ltd is a private company registered in the DIFC under license number CL 8885, operating from Park Towers, Unit 201, Level 2, Al Mustaqbal Street, Dubai International Financial Centre (DIFC).
5. Purpose
a. This Policy delineates the principles and practices that Prosperity Partners Consultancy Ltd, a private company duly registered in the Dubai International Financial Centre (DIFC) under license number CL 8885 and operating from Park Towers, Unit 201, Level 2, Al Mustaqbal Street, Dubai International Financial Centre (DIFC), adheres to in processing Personal Data. Our engagement in financial analysis, consultancy, and marketing research services necessitates the collection, use, and disclosure of Personal Data in compliance with the DIFC DP Law, Regulations, and other applicable laws and regulations in the United Arab Emirates (UAE).
b. This document serves as the general Data Protection and Privacy Policy applicable across our business operations, including our website(s), outlining our commitment to data protection, the measures we implement to protect data, and the rights of Data Subjects in relation to their Personal Data.
6. Our Use of Personal Data
c. In connection with providing services and in compliance with applicable laws and regulations in the DIFC and the UAE, we collect and process information, including personal data, to deliver our financial analysis, consultancy, and marketing research services effectively. This includes, but is not limited to:
i. Service Delivery: Processing necessary Personal Data to provide requested services, respond to inquiries, and ensure the quality of our consultancy services.
ii. Client Relationship Management: Maintaining communication with clients, sending service-related communications, updates, and managing accounts.
iii. Regulatory Compliance: Complying with legal and regulatory obligations, including anti-money laundering (AML), know your customer (KYC) requirements, and other due diligence processes.
iv. Business Development: Analyzing Personal Data to understand client needs, preferences, and interests to improve our services and develop new offerings.
v. Security and Fraud Prevention: Using Personal Data to protect the security of our systems, detect and prevent fraud, and ensure the integrity of our services.
We ensure that the processing of Personal Data is limited to what is necessary for these purposes and is conducted in accordance with the lawful bases outlined in this Policy.
7. Updating this Policy
a. We reserve the right to update this Policy periodically to accommodate changes in legislation, our business operations, or our data protection practices. Significant changes will be communicated through our website or other effective communication methods to ensure that you remain informed of how we protect your Personal Data.
PART B – YOUR PERSONAL DATA
8. What is Personal Data
a. Personal Data refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, name, address, email, phone number, financial information, and any other data that can directly or indirectly identify an individual. Special Categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious beliefs, health, or criminal records.
9. Why We Collect Personal Data
a. The collection of Personal Data by our Company is driven by several core purposes: fulfilling our contractual obligations, complying with legal and regulatory requirements, providing and managing our consultancy services, facilitating communications, improving our operations and customer experiences, and detecting and mitigating fraud and security threats.
b. We collect personal data for the following purposes:
i. To fulfill contractual obligations;
ii. To comply with legal and regulatory requirements;
iii. To provide and manage our financial analysis and consultancy services;
iv. To facilitate communication with clients, partners, and vendors;
v. To improve our business operations and customer experience;
vi. To detect, prevent, and mitigate fraudulent activities and security threats.
10. Categories of Personal Data Collected
a. We may collect the following types of personal data:
i. Contact details: Name, address, email, phone number;
ii. Identification documents: Passport, Emirates ID, other national identification numbers;
iii. Financial details: Bank account information, tax identification numbers;
iv. Employment information: Job title, employer details, professional experience;
v. Digital data: IP addresses, website tracking, and online identifiers.
PART C – OUR USE OF YOUR PERSONAL DATA
11. How We Use Your Personal Data
a. Our use of your Personal Data is multifaceted, enabling us to deliver high-quality financial consultancy and marketing research services. This involves performing our contractual obligations, conducting internal analyses for business development, ensuring compliance with legal obligations, and facilitating effective communication with clients, partners, and vendors.
b. We use your personal data to:
i. Provide financial consultancy and marketing research services;
ii. Perform contractual obligations;
iii. Conduct internal analysis and business development activities;
iv. Ensure compliance with DIFC regulations and legal obligations;
v. Facilitate communication and respond to inquiries.
12. Lawful Basis for Processing
a. The lawful basis for our processing activities encompasses consent (obtained explicitly from the Data Subject), contractual necessity (processing required to fulfill our contractual obligations), compliance with legal obligations, and legitimate interests (processing necessary for supporting our business operations with minimal impact on individual privacy).
b. We process personal data under the following legal bases:
i. Consent: Where we have obtained explicit consent from the data subject. Processing is based on the explicit consent of the Data Subject for one or more specific purposes. Consent is obtained in a clear and transparent manner and may be withdrawn at any time.
ii. Contractual necessity: Processing required to fulfill contractual obligations. Processing is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject prior to entering into a contract.
iii. Legal obligations: Compliance with applicable laws and regulations. Processing is necessary for compliance with a legal obligation to which the Controller is subject, such as regulatory requirements, tax laws, or litigation purposes.
iv. Legitimate interests: To support business operations while ensuring minimal impact on individual privacy. Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a Third Party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.
c. We carefully assess and document the lawful basis for all processing activities to ensure compliance with the DIFC DP Law and to uphold the rights of Data Subjects.
PART D – OTHER IMPORTANT INFORMATION
13. Data Sharing and Transfers
a. The sharing and transfer of Personal Data are conducted with the utmost care, ensuring necessary safeguards are in place. We engage with third-party service providers for IT support, legal, and financial services, and share data with regulatory authorities as required by law. International data transfers are executed in compliance with DIFC regulations, ensuring that your Personal Data is protected regardless of where it is processed.
b. We share personal data with third parties only where necessary and with appropriate safeguards in place. These include:
i. Service providers assisting with IT support, legal, management consultancy and financial services;
ii. Regulatory authorities, as required by law;
iii. International data transfers conducted in compliance with DIFC regulations.
14. Data Security Measures
a. Our commitment to data security is unwavering, with rigorous measures implemented to safeguard Personal Data. These measures include, but are not limited to, data encryption, access control policies, multi-factor authentication, periodic security audits, and comprehensive employee training programs on data protection and privacy.
b. We implement robust security measures to ensure the confidentiality, integrity, and availability of Personal Data. These measures include:
i. Data Encryption: Employing encryption technologies for Personal Data both in transit and at rest to protect against unauthorized access and disclosure.
ii. Access Controls: Establishing strict access control mechanisms to limit access to Personal Data to authorized personnel only, utilizing role-based access and authentication protocols.
iii. Multi-Factor Authentication: Requiring multi-factor authentication for access to systems containing Personal Data to enhance security beyond traditional password protection.
iv. Network Security: Utilizing firewalls, intrusion detection systems, and anti-malware solutions to protect our network infrastructure from cyber threats.
v. Regular Security Assessments: Conducting periodic vulnerability assessments, penetration testing, and security audits to identify and address potential security weaknesses.
vi. Employee Training: Providing ongoing training and awareness programs for employees to ensure they understand data protection policies, security protocols, and their responsibilities in protecting Personal Data.
vii. Incident Response Plan: Maintaining a comprehensive incident response plan to swiftly address and mitigate the impact of any security incidents or data breaches.
viii. Physical Security: Implementing physical security controls such as secure facilities, access badges, surveillance systems, and controlled entry to prevent unauthorized physical access to sensitive data.
ix. Data Minimization and Pseudonymization: Adopting practices to minimize the amount of Personal Data processed and, where possible, using pseudonymization techniques to reduce the risk associated with processing.
Our commitment to data security is integral to our operations. We continuously review and update our security practices to address evolving threats and to ensure that Personal Data remains protected at all times.
15. Data Retention
a. Data retention practices are designed to retain Personal Data only for as long as necessary for the intended purpose or to comply with legal obligations. Upon the expiry of this period, data is securely disposed of through adopted methods, ensuring your privacy is maintained.
b. We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. The criteria used to determine our retention periods include:
i. Legal Requirements: Retention periods mandated by law or regulation, such as financial regulations.
ii. Contractual Obligations: Duration of the contractual relationship or as needed to enforce legal claims.
iii. Business Needs: Retention necessary for operational purposes, auditing, or quality assurance.
Once the applicable retention period expires, we securely dispose of Personal Data through methods such as:
1. Secure Deletion: Permanent deletion of electronic records.
2. Anonymization: Removing personal identifiers so data can no longer be associated with an individual.
3. Physical Destruction: Shredding or incinerating physical documents.
Our data retention policies ensure Personal Data is not kept longer than necessary while complying with legal obligations and protecting the rights of Data Subjects.
c. We retain personal data only for as long as necessary to fulfill the intended purpose or comply with legal obligations. Data is securely disposed of upon expiry through secure digital shredding and physical destruction.
16. Data Breach Management
a. In the event of a data breach, our comprehensive response plan enables us to swiftly contain, assess, and report the incident, minimizing its impact. This includes immediate containment measures, notification to affected Data Subjects as necessary, and the implementation of remedial actions to prevent future occurrences.
b. In the event of a data breach, we have procedures in place to contain, assess, and report the incident to relevant authorities within 72 hours if required. Our response plan includes:
i. Immediate Action: Promptly contain the breach to prevent further unauthorized access or damage.
ii. Assessment: Evaluate the breach to understand its scope, the type of data involved, and the potential impact on Data Subjects.
iii. Notification: If the breach poses a high risk to Data Subjects, we will notify the Commissioner of Data Protection within 72 hours and inform affected individuals without undue delay.
iv. Documentation: Keep detailed records of the breach, including its cause, the extent of the data involved, and steps taken to address it.
v. Remediation: Implement measures to mitigate harm and prevent future breaches, such as enhancing security protocols and providing additional staff training.
vi. Communication: Offer guidance and support to affected individuals, advising them on steps to protect themselves.
c. Our commitment is to manage data breaches transparently and effectively, minimizing potential adverse effects on Data Subjects.
PART E – YOUR RIGHTS
17. Your Data Protection Rights
a. The DIFC DP Law empowers Data Subjects with several rights regarding their Personal Data, including the rights to access, request rectification or erasure, restrict processing, object to processing, and withdraw consent at any time. Furthermore, Data Subjects have the right to lodge a complaint with the DIFC Commissioner of Data Protection if they believe their data protection rights have been infringed.
b. Under the DIFC DP Law, Data Subjects have the following rights:
i. Right of Access: You have the right to obtain confirmation of whether or not we are processing your Personal Data and, if so, access to that data and information about how we process it.
ii. Right to Rectification: You can request the correction of inaccurate Personal Data and have incomplete data completed.
iii. Right to Erasure: Under certain conditions, you have the right to request the deletion of your Personal Data from our records.
iv. Right to Restrict Processing: You can ask us to limit the processing of your Personal Data in specific circumstances.
v. Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and transmit it to another controller.
vi. Right to Object: You may object to the processing of your Personal Data for reasons related to your particular situation, including profiling and direct marketing.
vii. Right to Withdraw Consent: If processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
viii. Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with the Commissioner of Data Protection.
18. Exercising Your Rights
a. We are not required to maintain a Data Protection Officer (DPO) since we do not meet any of the criteria mentioned in the act, and have designated an individual who is responsible for oversight and compliance with respect to data protection laws and obligations or any other applicable data protection law in force. He shall act as a point of contact for Data Subjects and the Supervisory Authority, providing advice on data protection obligations, monitoring compliance, and fostering a culture of data protection within the organization.
b. He operates with autonomy and reports directly to the highest level of management, ensuring that data protection remains a priority at all levels of the Company.
c. To exercise your data protection rights, please contact our authorized individual (SPOC) using the contact information provided below. When making a request, kindly provide sufficient information to identify yourself and specify the right you wish to exercise. Our procedures are as follows:
i. Submitting a Request: You may submit your request in writing via email or postal mail. Please include your full name, contact information, and a detailed description of your request.
ii. Verification: For your security, we may need to verify your identity before processing your request. This may involve asking for additional information or identification documents.
iii. Response Time: We aim to respond to your request within one month of receipt. If an extension is necessary due to the complexity or number of requests, we will inform you promptly and provide reasons for the delay.
iv. Fees: Access to your Personal Data and the exercise of your rights are generally free of charge. However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive.
d. We strive to respond to all requests promptly and in accordance with the DIFC DP Law. Our SPOC is responsible for overseeing data protection compliance, data protection strategy and implementation within the organization to ensure compliance with data protection laws. They ensure that your rights are upheld and that we adhere to the DIFC DP Law in all our processing activities.
e. The contact information for our authorized individual (SPOC) is as follows:
Prosperity Partners Consultancy Ltd., Park Towers, Commercial Tower B, Unit 201B, Level 2, Al Mustaqbal Street, Dubai International Financial Centre (DIFC)
19. Approval and Effective Date
a. This Data Protection and Privacy Policy is approved and adopted by the Board of Directors of Prosperity Partners Consultancy Ltd.
Effective Date: 23-Jan-2024