top of page

Privacy Policy

1. Introduction

CAMLfort FZCO ("CAMLfort", "we", "us", or "our") is a financial compliance consultancy based in the Gulf Cooperation Council (GCC) region, serving clients globally. We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy explains:

  • What personal information do we collect and why

  • How we use, store, and protect your data

  • Your rights regarding your personal information

  • How to contact us with privacy concerns


Scope

This policy applies to all personal data we process through our website (camlfort.com), client engagements, and business operations.
Legal Basis: We process personal data in accordance with applicable data protection laws, including:
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
GCC data protection regulations
European Union General Data Protection Regulation (GDPR), where applicable
Other international data protection standards
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
 
2. Information We Collect


2.1 Personal Information You Provide
We collect information that you voluntarily provide when you:

  • Complete our "Contact Us" or "Talk to Our Experts" forms

  • Subscribe to newsletters or updates

  • Engage our services

  • Communicate with us via email, phone, or in person

This may include:

  • Contact details: Name, email address, telephone number, company name, job title

  • Inquiry details: Your message content, service interests, and preferences

  • Professional information: Business address, industry sector, role responsibilities

 

2.2 Client Service Information

 

When you engage CAMLfort, we may collect:

  • Corporate registration documents and business licenses

  • Identification documents (for KYC/AML compliance)

  • Beneficial ownership and shareholder information

  • Financial records and transaction data

  • Compliance questionnaires and risk assessments

  • Internal policies and procedures documentation

Purpose limitation: We only request information necessary to deliver our services and meet legal/regulatory obligations.

 

2.3 Automatically Collected Information

When you visit our website, we may collect:

  • Technical data: IP address, browser type and version, device type, operating system

  • Usage data: Pages viewed, time spent on pages, navigation paths, click patterns

  • Referral data: Website that directed you to us, search terms used

Collection methods: This data is gathered through cookies, web beacons, server logs, and similar technologies (see Section 4).

 

2.4 Third-Party Sources
We may receive information from:

  • Business partners and referral sources

  • Compliance databases and screening services (for due diligence)

  • Public records and regulatory filings

  • Professional networks and industry contacts

 

2.5 Special Categories of Data
Limitation: We do not intentionally collect sensitive personal information such as racial/ethnic origin, political opinions, religious beliefs, health data, biometric data, or genetic information through our website.
Age restriction: Our services are intended for business professionals. We do not knowingly collect information from individuals under 18 years of age. If you believe a minor has provided us with personal data, please contact us immediately at info@camlfort.com.

 

3. How We Use Your Information
3.1 Legal Bases for Processing
We process your personal information based on:

  • Contractual necessity: To perform our services under contract with you

  • Legitimate interests: To operate our business, improve services, and communicate effectively

  • Legal compliance: To fulfill regulatory and legal obligations

  • Consent: For marketing communications and optional services (where required by law)

 

3.2 Purposes of Processing
Service Delivery

  • Provide compliance consulting, regulatory advisory, and related services

  • Develop risk assessments and regulatory roadmaps

  • Support license applications and audit preparation

  • Implement AML frameworks and system integrations

  • Manage client relationships and project delivery

Communication

  • Respond to inquiries and support requests

  • Provide project updates and deliverables

  • Send administrative notifications (appointment confirmations, service changes)

  • Share relevant regulatory updates and industry insights

Marketing (with appropriate consent)

  • Send newsletters and thought leadership content

  • Notify you of new services or offerings

  • Invite you to webinars, events, or training sessions

  • Share case studies and success stories (anonymized unless consented)

Website Operations and Analytics

  • Analyze website usage patterns and visitor behavior

  • Improve website functionality, content, and user experience

  • Diagnose technical issues and optimize performance

Legal and Compliance

  • Fulfill Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations

  • Maintain audit trails and compliance records

  • Respond to regulatory inquiries and legal requests

  • Prevent fraud, financial crime, and security threats

  • Enforce our Terms and Conditions

  • Establish, exercise, or defend legal claims

Business Operations

  • Conduct internal research and development

  • Manage vendor and partner relationships

  • Perform accounting, auditing, and reporting

  • Ensure business continuity

Data retention principle: We only use your personal data for the purposes disclosed at collection, unless we determine a compatible related purpose is legally permitted.
 
3.3 Automated Decision-Making
We do not make decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you. Any automated tools we use (e.g., compliance screening software) involve human review.

 

4. Cookies and Tracking Technologies

 

4.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us recognize your device, remember your preferences, and understand how you use our site.

 

4.2 Types of Cookies We Use
Essential Cookies (Always Active)

  • Purpose: Enable core website functionality

  • Examples: Session management, security features, form submission, secure area access

  • Cannot be disabled: These are necessary for the website to work properly

Analytics and Performance Cookies

  • Purpose: Understand website usage and improve performance

  • Provider: Google Analytics and similar services

  • Data collected: Page views, error reports

  • Opt-out: Available via browser settings or Google Analytics Opt-out Browser Add-on

Functionality Cookies

  • Purpose: Remember your choices and provide enhanced features

  • Examples: Language preferences, region settings, accessibility options

  • Third-party features: May include live chat widgets or social media integration

We do not currently use:

  • Advertising or targeting cookies

  • Cross-site tracking mechanisms

  • Third-party advertising networks

 

4.3 Managing Your Cookie Preferences
Browser controls: Most browsers allow you to:

  • View and delete cookies

  • Block all cookies (may affect functionality)

  • Block third-party cookies only

  • Receive alerts before cookies are stored

Instructions: Access your browser's help menu or settings for cookie management options.
Impact of disabling cookies: Blocking essential cookies may prevent:

  • Form submissions (including contact forms)

  • Access to secure areas

  • Proper display of website content

  • Personalized user experience

 

4.4 Other Tracking Technologies
We may also use:

  • Web beacons: Small graphics that help us count visitors and understand email effectiveness

  • Server logs: Automatically record information about your visits

  • Analytics scripts: Track user interactions and performance metrics

Your consent: By continuing to use our website, you consent to our use of cookies and tracking technologies as described. You can withdraw consent by adjusting your browser settings.

 

5. Information Sharing and Disclosure
Core principle: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

 

5.1 Service Providers and Processors
We may share personal information with trusted vendors who provide:

  • Technology services: Website hosting, cloud storage, email platforms, CRM systems

  • Analytics services: Google Analytics, website performance tools

  • IT services: Technical support, cybersecurity, data backup

  • Professional services: Legal counsel, accounting, audit support

  • Communication tools: Email service providers, webinar platforms

Contractual safeguards: All service providers are bound by data processing agreements requiring them to:

  • Process data only for specified purposes

  • Implement appropriate security measures

  • Maintain confidentiality

  • Comply with applicable data protection laws

  • Delete or return data when services end

 

5.2 Affiliates and Business Partners
We may share information with:

  • Group companies: If CAMLfort becomes part of a corporate group

  • Project partners: Other consultancies or specialists collaborating on client engagements

  • Referral partners: Where necessary to fulfill services you requested

Same standards apply: All affiliates and partners must protect your information consistent with this policy.

 

5.3 Legal and Regulatory Disclosures
We may disclose personal information when required to:

  • Comply with applicable laws, regulations, or legal processes

  • Respond to valid requests from government authorities or regulators

  • Cooperate with law enforcement investigations

  • Enforce our contractual rights or Terms and Conditions

  • Detect, prevent, or address fraud, security issues, or illegal activities

  • Protect the rights, property, or safety of CAMLfort, our clients, or the public

Proportionality: We only disclose the minimum necessary information and challenge overly broad requests where appropriate.

 

5.4 Consent-Based Sharing
We will share your information with other parties when:

  • You explicitly request or direct us to do so

  • You provide specific consent for such sharing

  • It is necessary to fulfill your service request

 

6. Data Security

 

6.1 Security Measures
We implement comprehensive security controls, including:
Technical measures:

  • Secure, password-protected servers with access controls

  • Firewalls and intrusion detection/prevention systems

  • Regular security patches and updates

  • Secure backup and disaster recovery procedures

  • Multi-factor authentication for sensitive systems

Organizational measures:

  • Strict access controls (need-to-know basis)

  • Employee confidentiality agreements and training

  • Regular security audits and risk assessments

  • Vendor security requirements and monitoring

  • Secure disposal of physical documents (shredding)

 

6.2 Security Limitations
No guarantee of absolute security: While we implement industry-standard protections, no internet transmission or electronic storage method is 100% secure. We cannot guarantee complete security against:

  • Unauthorized access by sophisticated attackers

  • System failures or technical malfunctions

  • Breaches at third-party service providers

  • Social engineering or phishing attacks targeting you

Email communications: Email is not fully secure. Please avoid sending highly sensitive information via unencrypted email.

 

6.3 Your Security Responsibilities
You can help protect your information by:

  • Using strong, unique passwords

  • Not sharing login credentials

  • Being cautious of phishing attempts

  • Keeping your contact information updated

  • Reporting suspected security incidents promptly

 

6.4 Data Breach Response
In the event of a data breach that poses a risk to your rights and freedoms, we will:

  1. Contain and investigate the incident immediately

  2. Notify affected individuals without undue delay (within 72 hours where required by law)

  3. Report to the relevant data protection authorities as legally required

  4. Provide information about the breach, its likely consequences, and remedial measures

  5. Take steps to prevent future incidents

Report security concerns: If you suspect a security incident, contact us immediately at info@camlfort.com.

 

7. Data Retention

 

7.1 Retention Principles
We retain personal information only as long as necessary for:

  • The purposes for which it was collected

  • Compliance with legal and regulatory obligations

  • Establishment, exercise, or defense of legal claims

  • Legitimate business purposes (with appropriate safeguards)

 
7.2 Retention Periods
General inquiries and website visitors: 2-3 years from last interaction
Marketing communications: Until you unsubscribe, plus 2 years for suppression purposes
Client service data:

  • Duration of engagement plus 7-10 years (to meet regulatory recordkeeping requirements)

  • May be longer for certain compliance documentation as required by law

Financial records: 7 years minimum (to comply with tax and accounting regulations)
Legal claims: Until resolution plus applicable limitation periods

 

7.3 Secure Deletion
When data is no longer needed, we:

  • Securely delete or anonymize it

  • Ensure it cannot be reconstructed or recovered

  • Maintain records of deletion where required

  • Instruct service providers to delete data they hold

Archival exception: Some data may be retained in backup systems for a limited additional period for disaster recovery purposes, but will be isolated and not actively processed.

 

8. International Data Transfers

 

8.1 Cross-Border Data Flows
Our operational reality: CAMLfort operates primarily in the UAE and GCC region but uses global services. Your personal information may be:

  • Transferred to and stored in countries outside your location

  • Accessed by service providers in various jurisdictions

  • Processed in cloud infrastructure located worldwide

Common transfer scenarios:

  • UAE/GCC to European Union or United States (cloud services, analytics)

  • EU/UK to UAE (when you contact us or engage our services)

  • Between GCC countries (regional operations)

 

8.2 Transfer Safeguards
We ensure adequate protection for international transfers through:
For EEA/UK transfers:

  • European Commission Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement/Addendum

  • Adequacy decisions where available

  • Binding Corporate Rules (if applicable)

  • Your explicit consent (where required and after informing you of risks)

For GCC transfers:

  • Compliance with local data transfer requirements (UAE Data Office approvals where needed)

  • Contractual protections meeting GCC standards

  • Country-specific mechanisms (e.g., Saudi SDAIA requirements)

  • Risk assessments for restricted data categories

For other jurisdictions:

  • Contractual data protection clauses

  • Industry standard protections

  • Legal bases under applicable laws

 

8.3 Varying Data Protection Standards
Acknowledgment: Data protection laws differ globally. Countries where your data may be processed might have different standards than your home jurisdiction. However:

  • We apply consistent privacy principles globally

  • We maintain protections equivalent to those in your jurisdiction

  • We comply with the strictest applicable standard

Primary jurisdictions: Our data is commonly processed in:

  • United Arab Emirates

  • Saudi Arabia and other GCC states

  • European Union member states

  • United States

  • Other locations, as disclosed to you

 

Your consent to transfers: By using our services, you acknowledge and consent to international transfers as described, subject to the safeguards outlined above.

 

8.4 Questions About Transfers
For specific information about where your data is processed or transfer mechanisms used, contact info@camlfort.com.

 

9. Your Privacy Rights
We respect your control over your personal information. Subject to applicable law and verification of your identity, you have the following rights:

 

9.1 Right to Access
What it means: Request confirmation of whether we process your data and obtain a copy of it.
How to exercise: Email info@camlfort.com with your access request. We'll provide:

  • Categories of data we hold

  • Purposes of processing

  • Recipients or categories of recipients

  • Retention periods

  • A copy of the data in accessible format

Timeframe: Within 30 days (may be extended to 60-90 days for complex requests)

 

9.2 Right to Rectification
What it means: Request correction of inaccurate or incomplete personal data.
How to exercise: Notify us of any errors and provide correct information. We will update our records promptly and notify relevant third parties where appropriate.

 

9.3 Right to Erasure ("Right to Be Forgotten")
What it means: Request deletion of your personal data in certain circumstances.
When applicable:

  • Data is no longer necessary for the original purpose

  • You withdraw consent (where consent was the legal basis)

  • You object to processing, and no overriding legitimate grounds exist

  • Data was unlawfully processed

  • Legal obligation requires deletion

Limitations: We may retain data when required for:

  • Legal compliance (e.g., regulatory recordkeeping)

  • Establishment, exercise, or defense of legal claims

  • Contractual obligations

  • Public interest or official authority purposes

 

9.4 Right to Restriction of Processing
What it means: Request that we limit how we use your data in specific situations:

  • You contest data accuracy (during verification period)

  • Processing is unlawful, but you don't want erasure

  • We no longer need the data, but you need it for legal claims

  • You object to processing (pending verification of our legitimate grounds)

Effect: Data is stored but not actively processed until the restriction is lifted.

 

9.5 Right to Data Portability
What it means: Receive your data in a structured, machine-readable format and transmit it to another controller.
When applicable:

  • Processing is based on consent or contract

  • Processing is carried out by automated means

Format: Commonly CSV, JSON, or XML format

 

9.6 Right to Object
What it means: Object to processing based on legitimate interests or for direct marketing.
Direct marketing: You can object at any time, and we will stop immediately. Use "unsubscribe" links in emails or contact us.
Legitimate interests: You can object for reasons relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

 

9.7 Right to Withdraw Consent
What it means: Where processing is based on consent, you can withdraw it at any time.
Effect: We stop processing based on that consent going forward. Does not affect lawfulness of prior processing or processing based on other legal grounds.

 

9.8 Right to Lodge a Complaint
What it means: Raise concerns with a supervisory authority if you believe we've violated your privacy rights.
Relevant authorities:

  • UAE: UAE Data Office (dataoffice.gov.ae)

  • Saudi Arabia: SDAIA (sdaia.gov.sa)

  • EU/EEA: Your local Data Protection Authority

  • UK: Information Commissioner's Office (ico.org.uk)

We prefer direct contact first: Please reach out to info@camlfort.com so we can address your concerns before escalation.

 

9.9 How to Exercise Your Rights
Contact us: Email info@camlfort.com with:

  • Clear description of your request

  • Specific right(s) you wish to exercise

  • Your contact information

  • Proof of identity (to prevent unauthorized disclosure)

 

Verification process: We may request additional information to confirm your identity, particularly for access, deletion, or portability requests.

 

Response timeframe: We respond within one month of receiving a valid request (may extend to three months for complex or numerous requests, with notification).

No fee: We don't charge for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive.

Limitations: Some rights may be limited by local law. We will explain any limitations that apply to your request.

 

10. Children's Privacy
Age restriction: Our services are designed for business professionals and are not directed to individuals under 18 years of age.
No intentional collection: We do not knowingly collect personal information from children.
Parental notification: If we discover we have inadvertently collected data from someone under 18, we will delete it immediately.
If you're a parent/guardian: If you believe a minor has provided us with personal information, please contact us at info@camlfort.com with details so we can remove it.

 

11. Third-Party Links
Our website may contain links to third-party websites, applications, or services (e.g., social media platforms, partner sites, regulatory resources).
Not our responsibility: We are not responsible for:

  • Privacy practices of third-party sites

  • Content on external websites

  • Data collection by linked sites

 

Your due diligence: We encourage you to review the privacy policies of any third-party sites you visit. These external sites are not governed by this Privacy Policy.

 

No endorsement: Links do not imply endorsement of third-party sites or their privacy practices.

12. Marketing Communications

 

12.1 Consent and Opt-In
We send marketing communications only:

  • With your express consent (where required by law)

  • Based on legitimate interest (for existing client relationships, where permitted)

12.2 What We Send

  • Industry updates and regulatory insights

  • Newsletters and thought leadership content

  • Service announcements and new offerings

  • Event invitations and webinar notifications

  • Educational resources and training opportunities

12.3 Opting Out
Easy unsubscribe: Every marketing email includes:

  • Clear "unsubscribe" link

  • Alternative opt-out instructions

  • Email info@camlfort.com with "Unsubscribe" in the subject

  • Adjust preferences in your account settings (if applicable)

Processing time: We process opt-out requests within 5 business days.
Important note: Unsubscribing from marketing does not affect:

  • Transactional or service-related communications

  • Legal or regulatory notices

  • Administrative messages about your account

 

13. Changes to This Privacy Policy

 

13.1 Right to Modify
We may update this Privacy Policy to:

  • Reflect changes in our practices

  • Address new regulations or legal requirements

  • Improve clarity or transparency

  • Incorporate new services or technologies

 

13.2 Notification of Changes
Material changes: We will notify you by:

  • Updating the "Last Updated" date

  • Posting a prominent notice on our website

  • Sending email notification (for significant changes)

  • Obtaining renewed consent where required by law

Minor changes: Administrative updates or clarifications will be posted without additional notice.

 

13.3 Your Acceptance
Continued use of our website or services after changes constitutes acceptance of the updated policy, provided any required consent has been obtained.
Disagreement: If you don't accept changes, discontinue use and contact us about data removal.

 

14. Contact Information

 

14.1 Privacy Inquiries
Primary contact: info@camlfort.com
Subject line: Please include "Privacy Inquiry" or "Data Protection" for faster routing.
Data Protection Officer: For specific data protection matters, you may request to speak with our designated privacy contact.

 

14.2 What to Include
When contacting us about privacy matters, please provide:

  • Your full name and contact information

  • Nature of your inquiry or request

  • Relevant account or reference information

  • Preferred method and language for response

 

14.3 Response Commitment
We aim to respond to all privacy inquiries within:

  • Acknowledgment: 2 business days

  • Substantive response: 30 days (may be extended for complex matters)

 

14.4 Regulatory Contact
For formal complaints or regulatory matters, you may also contact the relevant data protection authority in your jurisdiction (see Section 9.8).

 

15. Governing Law
Governing Law: This Privacy Policy is governed by the laws of the United Arab Emirates and applicable GCC regulations, without prejudice to mandatory data protection laws in other jurisdictions where we operate or process data.
Severability: If any provision is found unenforceable, the remaining provisions remain in full effect.

bottom of page