Privacy Policy
Effective Date: 2 December 2025 | Last Updated: 2 December 2025
1. Data Controller and Contact Information
International Business Advisors DMCC (“IBA DMCC”, “we”, “us”, or “our”) is the Data Controller responsible for your personal data collected through this website (www.ibauae.com) and our services.
Registered Address:
The Dome Tower, Office 3001, Cluster N1, Jumeirah Lakes Towers
P.O. Box 643727, Dubai, United Arab Emirates
Contact Details:
Phone: +971 (0)4 399 59 09
Email: office@ibauae.com
Data Protection Inquiries: office@ibauae.com
2. Scope and Application
This Privacy Policy applies to all personal data collected through:
- Our website at www.ibauae.com
- Direct communications (email, telephone, WhatsApp)
- Third-party platforms integrated with our services (Calendly, analytics tools)
- Our business consultancy and advisory services
This Policy is designed to comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, “UAE PDPL”), the EU General Data Protection Regulation (“GDPR”), and the UK General Data Protection Regulation (“UK GDPR”), as applicable to your circumstances.
3. Personal Data We Collect
3.1 Data You Provide Directly
Contact Forms: Full name, email address, telephone number, company name (optional), and the content of your inquiry.
Lead Magnet & Resource Requests: Full name and email address when you request downloadable resources, guides, or newsletters.
Calendly Bookings: Full name, email address, telephone number, appointment date/time, and any information you provide in booking notes. Calendly processes this data as our service provider.
WhatsApp Communications: Your phone number, profile name, message content, and any media shared. Meta (WhatsApp's parent company) processes this data subject to its own privacy policy.
Service Engagement: Business documentation, financial information, identification documents, and other data necessary to provide our consultancy services.
3.2 Data Collected Automatically
When you visit our website, we automatically collect certain technical and behavioural data through cookies and similar technologies:
- IP address (anonymised where technically feasible)
- Device type, operating system, and browser information
- Pages visited and navigation path
- Time spent on pages and interaction events
- Referring URL and exit pages
- Approximate geographic location (derived from IP address)
3.3 Analytics and Tracking Technologies
We use the following third-party analytics and advertising services:
- Google Analytics 4 (GA4): For website performance analysis and user behaviour insights
- Google Ads Conversion Tracking: To measure advertising effectiveness
- Meta Pixel: For advertising performance measurement and retargeting
These tools may set cookies and collect data as described in Section 11 (Cookies and Similar Technologies).
4. Use of Collected Data
The personal information you provide is used for the following purposes:
- Lead Generation & Follow-Up: We use your contact details to communicate with you about your business service inquiry and provide further information about our consultancy and advisory services.
- Service Delivery: We process your data to deliver the business setup, PRO services, accounting, and consultancy services you have engaged us to provide.
- Marketing & Promotions: Your data may be used to send marketing communications, special offers, or updates on services that might interest you.
- Targeted Advertising: We may utilise data for targeted advertising through platforms like Facebook and Google to ensure that relevant ads reach you across multiple platforms.
- Legal & Regulatory Compliance: We process data as required to comply with UAE laws, regulations, and government authority requirements.
You may opt out of marketing communications at any time by contacting us at office@ibauae.com.
4.1 Legal Bases for Processing
We process your personal data only for specific, explicit, and legitimate purposes. The table below details each processing purpose and its corresponding legal basis under applicable law:
| Processing Purpose | Legal Basis |
|---|---|
| Responding to inquiries | Contractual necessity; Legitimate interests (customer service) |
| Providing consultancy services | Contractual necessity; Legal obligation (where applicable) |
| Scheduling appointments | Contractual necessity; Consent (where required) |
| Website analytics & performance | Legitimate interests (improving services); Consent (cookies) |
| Marketing & retargeting | Consent |
| Lead magnet delivery | Consent |
| Legal compliance & record-keeping | Legal obligation |
| Security & fraud prevention | Legitimate interests; Legal obligation |
Legitimate Interests Assessment: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data.
We may share your personal data with the following categories of recipients:
5.1 Service Providers
Third parties who provide services on our behalf, including:
- Vercel Inc. (website hosting and infrastructure)
- MongoDB, Inc. (database services)
- Calendly LLC (appointment scheduling)
- Google LLC (analytics and advertising)
- Meta Platforms, Inc. (WhatsApp communications and advertising)
These providers process data under written agreements that include appropriate data protection obligations.
5.2 Professional Advisors
Legal counsel, accountants, auditors, and other professional advisors who are bound by professional duties of confidentiality.
5.3 Government and Regulatory Authorities
Where disclosure is required by applicable law, court order, or regulatory requirement, including UAE government authorities, the UAE Data Office, and other competent authorities.
5.4 Business Transfers
In connection with any merger, acquisition, reorganisation, sale of assets, or bankruptcy proceeding, your personal data may be transferred to the relevant third party, subject to appropriate safeguards.
6. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the United Arab Emirates, including the European Union, United States, and other jurisdictions where our service providers operate.
Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Transfers to countries recognised as providing adequate data protection
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Certification mechanisms and approved codes of conduct
- Compliance with UAE PDPL cross-border transfer requirements
You may request a copy of the relevant transfer safeguards by contacting us using the details in Section 1.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 12 months from submission |
| Calendly booking data | 12 months from appointment date |
| WhatsApp communications | 12 months from last message |
| Lead magnet/newsletter data | Until consent withdrawn or 24 months of inactivity |
| Service engagement records | 7 years (UAE commercial law requirements) |
| Analytics data (GA4) | 14 months (default GA4 setting) |
| Financial/billing records | 7 years (UAE tax/commercial requirements) |
Upon expiration of the retention period, personal data is securely deleted or irreversibly anonymised. Certain data may be retained longer where required for legal claims, regulatory compliance, or audit purposes.
8. Your Data Protection Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
8.1 Rights Under All Applicable Laws
- Right of Access: Obtain confirmation of whether we process your personal data and request a copy
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restrict Processing: Request limitation of processing in certain circumstances
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
8.2 Additional Rights Under GDPR/UK GDPR
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
- Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or significant effects (see Section 9)
8.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at office@ibauae.com. We will respond to your request within:
- 30 days (UAE PDPL)
- One month (GDPR/UK GDPR), extendable by two months for complex requests
We may request identity verification before processing your request. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.
8.4 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:
- UAE: UAE Data Office (once fully operational)
- EU: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO) at ico.org.uk
9. Automated Decision-Making and Profiling
We do not currently engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.
If this changes, we will update this Policy and, where required, obtain your explicit consent or provide you with the right to object and request human intervention.
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected personal data from a child, please contact us immediately at office@ibauae.com, and we will take steps to delete such data promptly.
11. Cookies and Similar Technologies
Our website uses cookies and similar tracking technologies to enhance your experience, analyse usage, and support our marketing efforts.
11.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for website functionality; cannot be disabled
- Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
- Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (Google Ads, Meta Pixel)
11.2 Managing Your Cookie Preferences
When you first visit our website, a cookie consent banner allows you to accept or reject non-essential cookies. You may change your preferences at any time by:
- Clicking the cookie settings link in the website footer
- Adjusting your browser settings to block or delete cookies
- Using opt-out tools provided by analytics and advertising networks
Please note that blocking certain cookies may affect website functionality.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for data in transit
- Encryption of data at rest where applicable
- Secure hosting through reputable infrastructure providers (Vercel)
- Access controls limiting staff access to personal data on a need-to-know basis
- Regular security assessments and updates
- Employee training on data protection and security practices
No method of transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
13. WhatsApp Communications
When you contact us via WhatsApp:
- Your phone number, profile information, and message content are processed for customer service purposes
- Messages are processed by Meta Platforms, Inc. and may be stored on servers outside the UAE
- Meta's Privacy Policy applies to its processing of your data
- We retain WhatsApp communications for 12 months for service quality and record-keeping purposes
By initiating contact via WhatsApp, you acknowledge this processing. Alternative contact methods (email, telephone) are available if you prefer.
14. Third-Party Links
Our website may contain links to third-party websites, plugins, or applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices or content. We encourage you to review the privacy policy of every website you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.
When we make material changes, we will:
- Update the “Last Updated” date at the top of this Policy
- Post the revised Policy on our website
- Where required by law, notify you by email or prominent website notice
We encourage you to review this Policy periodically. Your continued use of our website and services after any changes constitutes acceptance of the updated Policy.
16. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
International Business Advisors DMCC
The Dome Tower, Office 3001, Cluster N1
Jumeirah Lakes Towers, P.O. Box 643727
Dubai, United Arab Emirates
Email: office@ibauae.com
Phone: +971 (0)4 399 59 09
17. Governing Law
This Privacy Policy and any disputes arising from it shall be governed by the laws of the United Arab Emirates, without regard to its conflict of law provisions.
For individuals in the EU/EEA or UK, nothing in this Policy affects your rights under the GDPR or UK GDPR, including your right to lodge a complaint with your local supervisory authority.