Privacy Policy

Last Updated on May 2024

BSA and/or its affiliates and entities (collectively “BSA”, “we” or “us” or” our”) values your security and privacy. BSA is required to comply with certain laws and regulations with jurisdictions where they operate in relation to data protection including DIFC Law No. 5 of 2020 and its amendment DIFC Law No. 2 of 2022 (the “DP Law”), and may for certain types of personal data processing, be subject to laws from other jurisdictions.

BSA is a regional law firm in the Middle East established 20 years ago with 9 offices across 5 countries. Our diverse team of 150 lawyers are from 35 different cultural backgrounds.

We are market leaders in new and evolving sectors, partnering with our clients towards a sustainable, progressive future. More than just a law firm, we pride ourselves on being connective: sparking collaboration, creating synergy, driving change. 

Our Privacy Policy (“Policy”) is designed to outline how we handle and protect your data in various scenarios, notably when you:

  • visit our website, www.bsabh.com or affiliated sites (“Website” or “Site”)
  • use our onboarding application,
  • engage with BSA for our services,
  • apply for a position at BSA.

We may also collect personal data about you from third parties as further explained below.

1. WHAT PERSONAL INFORMATION DO WE COLLECT

If you are a visitor to the Site, we may collect:

Information you provide when you contact us, register for newsletters or other subscription services. The personal information you give us may include your name, address, e-mail address and phone number, certain device information, residential building, work address, photograph, and other information you choose to provide.

We may also collect:

  • Technical information, including the type of mobile device you use, a unique device identifier (for example, mobile network information, your mobile operating system, the type or mobile browser you use, device token, device type, time zone setting (“Device information”).
  • Details of your use of our Website services but not limited to traffic data, and other communications data, and the resources that you access (“Log information”).
  • Location information if you want to use the Website services to determine your current location.
  • Demographic information which may include but is not limited to, age/birth date, current residence, gender, mobile network information, device location, your mobile operating system, the type of browser you use, browsing history information, searching history information, etc.. (“Demographic information”)

If you are an individual client or prospective individual client completing the onboarding and KYC form on our onboarding application or otherwise, we will collect:

  • Name and job title.
  • Contact information, including the company you work for and email address, where provided.
  • Payment information.
  • Information that you provide to us as part of us providing the services to you, which depends on the nature of your instructions to BSA.
  • Relevant information as required by Know Your Client and/or Anti-Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both.
  • Information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs.
  • Other information relevant to provision of services.

We may also collect personal data of third parties such as (by way of example):

  •  any of our corporate clients' or prospective clients' officers or personnel
  • any opponent or agreement counterparty (e.g., vendor or purchaser)
  • personal information relating to client’s legal advisors, other advisors.

If you are a potential recruit to join BSA, we may collect:

  • Name and job title.
  • Contact information including email address.
  • Curriculum vitae, including your age and/or gender if you provide it to us, your education, employment history and similar matters and similar information that you may provide to us.
  • Other information relevant to potential recruitment to BSA.

    2. HOW DO WE USE YOUR PERSONAL INFORMATION

We may use your information for the following purposes:

  • verify your identity,
  • deliver our services,
  • improve, develop and market new services,
  • carry out requests made by you in relation to our services,
  • investigate or settle inquiries or disputes,
  • comply with any applicable law, court order, other judicial process, or the requirements of a regulator,
  • enforce our agreements with you,
  • protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our services,
  • with recruitment purposes, and
  • use as otherwise required or permitted by law.

3. WHAT IS OUR LEGAL BASIS TO USE OR PROCESS YOUR PERSONAL INFORMATION

  • Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
  • Consent: in some cases, we may rely on your explicit consent to process your personal data for one or more specific purposes.

4. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH

We may share your Personal Data with:

  • BSA affiliated entities, to the extent permissible by law.
  • With vendors, consultants, marketing and advertising partners, and other service providers who need access to such Personal Data to carry out on our behalf or to perform a contract we enter into with them.
  • If we otherwise notify you and you provide your affirmative opt-in to share your data, where needed.
  • In response to a request for information by a competent authority or government entities if we determine that such disclosure is in accordance with, or is otherwise required by any applicable law, regulation, or legal process.
  • With law enforcement officials, government entities or authorities or other third parties are required by applicable law.
  • With third parties in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing or acquisition of all or a portion of our business by or into another company; or
  • With third parties in an aggregated and/or anonymized or pseudonymized form that cannot reasonably be used to identify you.
  • In some circumstances we are legally obliged to share information with public authorities or law enforcement agencies. For example, we may be required to provide information related to a court order or investigations. In any scenario, we’ll attempt to satisfy ourselves that we have a lawful basis on which to share the information, document our decision making and satisfy ourselves that we have a legal basis on which to share the information.


5. WHERE DO WE TRANSFER YOUR DATA TO

In order to conduct our operations or fulfill regulatory obligations, we must transfer the Personal Data described in this Policy to and from, and process and store in it, the United Arab Emirates and (where applicable or required) with processors in other countries, some of which may have less protective privacy laws than those where you reside. In all such cases, and generally for any processing operations, we take appropriate security measures to protect your Personal Data in accordance with this Policy.


6. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR

Generally, we will retain relevant personal information for at least six years from the date of our last interaction with you and in compliance with our obligations under applicable laws in the United Arab Emirates and the Dubai Financial Services Authority. We may store your personal data for a longer time if we are required to do so according to our regulatory obligations or professional indemnity obligations.


7. YOUR RIGHTS AND CHOICES 

a) Marketing and Preferences
BSA supports Users’ legal rights to opt-in or subsequently opt-out of receiving communications from us and our partners. You have the option to ask us not to process your Personal Data for marketing purposes and to remove it from our database, to not receive future communications or to no longer receive our Website services.

b) You may change your preferences at any time
Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of or unsubscribe from receiving promotional or other similar e-mails or messaging from one of our Website services, you may continue to receive promotional emails from our other websites, providers, or other, non-affiliated marketers whose services you may have accessed via BSA Website services.

Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different, third party's marketing directory through your request or election, you will need to request removal with such third party directly.

c) Access to and Correction of Your Personal Information
You have the right to access information held about you. Your right of access can be exercised for any reason, at any time, in accordance with DIFC and other applicable laws.

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

You may also request that we restrict the processing of, erase, transfer the information you gave us from one organization to another, or otherwise process your Personal Data in line with the relevant articles providing for such rights set out in the DP Law or other applicable laws.

Any access request generally comes at no cost to you, and we must respond within one month unless provided otherwise by the DP Law or other applicable laws. We may, where permissible, impose a reasonable fee to meet any extraordinary administrative costs in providing you with details of the information we hold about you.

When you contact us about a potential Personal Data error or query, we will endeavour to confirm or verify the information in question, then correct verified inaccuracies and respond to the original inquiry. We will endeavour to send a correction notice to businesses or others whom we know to have received the inaccurate data, where required and / or appropriate. However, some third parties and third-party sites may continue to process inaccurate data about you until their databases and display of data are refreshed in accordance with their update schedules, or until you contact them personally to ensure the correction is made in their own files.

As set out in Article 39 on the DP Law, we may not discriminate against you for exercising your rights by denying services or changing prices or quality of service, unless reasonable to do so in general, as objectively determined, and applicable to all individuals offered or receiving such benefits.


8. SECURITY PRECAUTIONS

BSA makes every effort to ensure that your personal data is secure on its system. BSA has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that BSA employees are aware of our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, BSA cannot warrant or guarantee the security of any personal data you transmit to us, and you do so at your own risk.

BSA has established policies and procedures for securely managing information and protecting personal data against unauthorized access. We continually assess our data privacy, information management and security practices. We do this in the following ways:

  • Establishing policies and procedures for securely managing information.
  • Limiting employee access to viewing only necessary information in order to perform his or her duties.
  • Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required.
  • Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements.
  • Monitoring our website through recognized online privacy and security organizations.
  • Engaging in regular third-party audits of our policies and practices; and
  • Conducting background checks on employees and providing training to our employees.

If you have any further questions about our security and processing activities, please contact the Data Protection Officer. To the extent permitted by applicable law, BSA expressly disclaims any liability that may arise should any other third parties obtain the Personal Data you submit through fraud or otherwise where it is no fault of BSA.


9. COOKIES

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience ("Cookie"). BSA uses Cookies to track overall Site usage and enables us to provide a better user experience. We do not use Cookies to “see” other data on your computer or determine your email address.

Types of cookies we drop, and the information collected using them include but are not necessarily limited to:

Essential
Google Tag Manager - helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

 Site Analytics
Google Analytics - gives website owners the digital analytics tools needed to analyze data from all touchpoints in one place, for a deeper understanding of the customer experience.

 Advertising

  • DoubleClick - a subsidiary of Google which develops and provides Internet ad serving services.
  • Twitter Advertising - enables website owners to track and measure the actions users take after viewing or engaging with ads on Twitter.
  • Instagram Advertising - lets website owners measure, optimize and build audiences for advertising campaigns.
  • LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.


Most browsers accept and maintain Cookies by default. We are require by law to set such collection methods to collect the bare minimum, necessary cookies in order to operate the relevant website. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our Website services, but this may limit your ability to access certain areas of the Website.

Alternatively, you may wish to visit an independent source of information, www.aboutcookies.org, which contains comprehensive information on how to alter settings or delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual or network operator for advice.

10. CHANGES TO THIS POLICY

BSA may change this Policy from time to time and without notice. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will endeavour to provide you notice through the Website services or by some other means, such as email. Your continued use of the Website services after such notice constitutes your understanding of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices. We provide links to it through:

  • The Website Services
  • Incorporating it into our contracts, agreements, and other documents as necessary or appropriate

    11. CONTACT US

If you have any questions, comments or complaints relating to this Policy or the way we collect and use your personal data, please note that BSA has appointed a Data Protection Officer (“DPO”) in accordance with Article 16 of the DPL. The DPO may be contacted using the below address or telephone number+971 4 528 5555, or via email at Compliance@bsabh.com

Physical address: Precinct Building 3, Level 6, Office 605, Dubai International Financial Center, Dubai, United Arab Emirates.

You also have the right to submit a complaint to the DIFC Data Protection Commissioner in relation to our handling of your data.

You may also contact the DIFC Commissioner of Data Protection’s Office at:
Dubai International Financial Centre Authority
Level 14, The Gate Building
+971 4 362 2222

commissioner@dp.difc.ae