Privacy Policy

Privacy Policy Information

1. PRELIMINARY

1.1 Thank you for visiting our Platform (as defined below). Your privacy and Personal Data (as defined below), together with its protection is of paramount importance to us. We are committed to the protection of your Personal Data.

1.2 The purpose of this policy (Privacy Policy) is to set out how KARM Advisory Management Consultancy LLC, which is doing business under the branding and name ‘KARM Business’ (Company, KARM, we, us, our) incorporated under the Emirate of Dubai, United Arab Emirates (UAE) processes your Personal Data (as defined below).

1.3 This Privacy Policy governs the data collection, processing, and usage practices that KARM implements in respect of the Personal Data obtained in relation to and through our service offerings (Services). It also describes your choices regarding use, access, and correction of your Personal Data. Personal Data for the purpose of this Privacy Policy includes any data or information relating to you which may, by itself, or in combination with other data or information, be able to identify you (Personal Data).

1.4 It is important that you read this Privacy Policy together with any other Personal Data processing notice we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. By visiting, accessing, or using the website and corresponding medium through which we provide our Services (Platform), you consent to this Privacy Policy and to the data processing purposes and practices stated in it. If you do not agree with the data processing purposes and practices stated in this Privacy Policy, you may choose to stop using the Platform and the Services.

1.5 We periodically update this Privacy Policy, and we encourage you to review it periodically. Unless specified otherwise, any changes to this Privacy Policy shall be effective as and when they are published on the Platform.

2. PURPOSE AND LAWFUL BASIS

2.1 This Privacy Policy has been developed for purposes of compliance with Federal Decree Law No. 45/2021 on the Protection of Personal Data (PDPL).

2.2 Without the necessary information about you, we may not be able to provide you with the Platform, or the support you request. Some of the Personal Data we obtain is collected to comply with applicable laws and regulations, including anti-money laundering laws. This Privacy Policy explains:

  1. The types of Personal Data we collect;
  2. How we use your Personal Data;
  3. Types of information we disclose to third parties and the types of such third parties;
  4. How we transfer your Personal Data; and
  5. How and when we protect your Personal Data.

2.3 We may rely on your consent to process your Personal Data, where applicable. However, we may also process your Personal Data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) to satisfy any legal obligations arising from any contracts entered into/ with/ involving you or to provide the Platform to you which you have contracted with us to provide to you; or to take steps at your request prior to entering into a contract with you.

2.4 By visiting, applying or signing up on our Platform, you authorize and consent to our obtaining from, and disclosing to, third parties any Personal Data about you as stated in this Policy. Such Personal Data processing, sharing, transfers may be in connection with identity or account verification, fraud detection, or collection procedure, or as may otherwise be allowed or required by applicable law.

2.5 Where consent is the lawful basis we have relied on to process your Personal Data, you can withdraw your consent as regards the processing of your Personal Data. Such withdrawal will not affect the lawfulness of earlier processing undertaken by us insofar it was in compliance with this Privacy Policy. Such withdrawal will take effect within 30 (thirty) calendar days of submission of request. If you wish to submit such a request, please contact us at hello@karmbusiness.com.

2.6 The specific Personal Data we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such information, and how long we retain such data is explained individually, specifically for your clear, simple, and withdrawable consent below in this Policy.

3. PERSONAL DATA PROTECTION PRINCIPLES

Your Personal Data is processed in accordance with the relevant data protection principles, including lawfulness, fairness, and transparency; purpose limitation; collection limitation; data minimization; accuracy; rectification measures; storage limitation; integrity and confidentiality (security); and with due consideration to the applicable laws and regulations including but not limited to PDPL.

4. INDIVIDUALS FROM WHOM WE COLLECT PERSONAL DATA

4.1 A customer is an individual whose Personal Data we process as a data controller, which would typically be (i) the visitors of the Platform; (ii) individuals who sign-up or are onboarded as users, customers or recipients of Services, to avail of any of our Services; and (iii) representatives of third party service providers who interact with us to fulfil their contractual obligations with us (collectively, the Customers). 4.2 We collect Personal Data through various means, including but not limited to:
  1. Directly from you: When Customers voluntarily provide information by signing up on our Platform, (including by submitting forms), or communicating with us.
  2. Automatically through use of our platforms including through cookies, log data, and analytics tools that track usage patterns and preferences while Users interact with our Platform;
  3. From third-party sources such as public authorities, including Government of Dubai entities, and other third parties who lawfully share data with us;
  4. Through our interactions with service providers and partners, where their representatives may share relevant Personal Data as part of fulfilling contractual or engagement-related obligations.

5. INFORMATION WE PROCESS, LAWFUL BASIS, PURPOSE, AND MODES OF COLLECTION

5.1 We will only use your Personal Data in a legally compliant manner. All our use and processing of your Personal Data will fall under the following heads:

  1. Where we need to perform the services pursuant to a contract to which you a party or in order to take steps at the request of yourself prior to entering into a contract.
  2. Where processing is necessary for compliance with a legal obligation to which we are subject under applicable laws.

5.2 We may use and process your Personal Data to provide you Services in the following ways:

  1. Providing business solutioning and management services;
  2. Communicating with you in respect of the Services and the promotion of our Services;
  3. Managing our business relationship with you (or your organisation), whether in connection with the provision of our legal services, the procurement of your goods and services, or as your employer (or potential or former employer), including processing payments, accounting, auditing, billing and collection and related support services;
  4. Complying with our legal obligations, including with respect to legal and regulatory considerations (e.g. anti-money laundering and sanctions checks, audits, enquiries by regulatory authorities);
  5. Managing and securing access to our premises and information technology systems, and monitoring the technology side of our operations;
  6. Keeping your contact details accurate and current using information provided by you, or information publicly available;
  7. To facilitate the internal record keeping with regards to the Services availed by yourself.
  8. To conduct data analyses functions and generate operational reports for usage of our services.
  9. To respond to your inquiries or other requests received.
  10. For any purpose related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.

5.3 Personal Data When Processed Without Consent: We my process your Personal Data without your knowledge or consent; and only where this is required or permitted by law. In general, the Personal Data submitted to us, is used either to respond to requests you make or to aid our service to you. KARM may be compelled to surrender information to legal authorities without express User consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.

5.4 Promotional Information: We operate a client relationship management email mailing list program, which we use to inform clients and other contacts about our services, including our publications and events. Such marketing messages may contain tracking technologies in order to track subscriber activity relating to engagement, demographics and other data, and to build subscriber profiles. We use this as a means by which to undertake direct marketing. If you would like to cease receiving marketing materials from us at any time, please let our team know directly. You can also change your preferences for receiving our marketing emails and legal updates from us at any time, and you can unsubscribe by following the instructions specified in our marketing emails or via the websites. Please update your details by contacting our team by email at

5.5 You undertake that all Personal Data provided to us by you is true, complete, and accurate and you must notify us of any changes to such Personal Data.

5.6 We do not knowingly collect data from, or market to, children below the legal age as established under their relevant domestic laws, but in no event from children below the age of 18 (eighteen) years. By using the Platform, you represent that you are at least 18 (eighteen) years of age or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Platform. If we learn that Personal Data from Customers who are less than 18 (eighteen) years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

6. AGGREGATED, ANONYMISED AND DE-IDENTIFIED INFORMATION

6.1 We may also create, process, collect, use, and share aggregated, anonymised, or de-identified data such as statistical or demographic data for any purpose as permitted under applicable laws. We may analyse such aggregated and anonymized information in a manner to further enhance the level of the Platform that we offer on our Platform for business or research purposes, including improving and customizing the Platform for ease of use. Such information also includes average number of Customers of the Platform, the average clicks on the Platform, the features used, the response rate, etc. and other such statistics regarding groups or individuals. In doing so, we shall not be making disclosures of any Personal Data as such information will then no longer identify you as an individual person and we ensure that ensures the data is put beyond further use, despite being derived from your Personal Data. We may archive this information to use it for future communications for providing updates and/or surveys. Furthermore, we may also use this information to comply with legal or regulatory obligations.

7. WHEN WE MAY DISCLOSE THE PERSONAL DATA

7.1 Your Personal Data may, for the purposes set out in this Privacy Policy, be disclosed within or outside of the UAE for processing to the following groups of recipients:
  1. our employees, our affiliates, and their employees.
  2. our third-party consultants, (sub-)contractors, suppliers or other service providers who may access your Personal Data when providing services to us (including information technology support services);
  3. auditors, contractors or advisers auditing, assisting with or advising on any of our business purposes;
  4. analytics and search engine providers that assist in the improvement and optimisation of our Platform;
  5. our successors in title, our prospective sellers, or buyers of our business or to our affiliates when we have a merger or re-organisation;
  6. government bodies and law enforcement agencies, including in response to legal / regulatory requests;
  7. any third-party where such disclosure is required in order to enforce any terms and conditions pertaining to our Platform or any other agreement; and
  8. protect the rights, property, integrity, or security of our company, our Customers, or others (including, without limitation, you).
7.2 Where your details are provided to any other party in accordance with an express purpose, we will require them to be kept safe and secure your Personal Data and only use it for the intended purpose.

8. SAFEGUARDS FOR INTERNATIONAL TRANSFERS

8.1 Your Personal Data is stored and transferred in compliance with applicable UAE regulations.

8.2 You should be aware that certain third-party service providers, including, without limitation, the groups of recipients stipulated above as well as customer support providers, may be located in, or have facilities that are located outside the UAE. We may transfer of Personal Data outside the UAE, and we shall do so only when the country or territory to which the Personal Data is to be transferred (i) has a bilateral or multilateral agreements related to Personal Data protection with the UAE or (ii) has special legislation on personal data protection therein, including the most important provisions, measures, controls, requirements and rules for protecting the privacy and confidentiality of the your Personal Data and their ability to exercise their rights, and provisions related to imposing appropriate measures on the controller or processor through a supervisory or judicial authority.

8.3 However, some of the international organizations and countries to which your Personal Data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organizations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards.

8.4 We may also transfer your Personal Data to recipients outside the UAE based on the following grounds (i) if such transfer is necessary for judicial processes; or (ii) if such transfer is necessary for entering into or performing a contract between us and you; or (iii) between us and a third party for your interests; or (iv) if such transfer is necessary for an act relating to international judicial cooperation; or (v) if the transfer is necessary for protection of public interest. We shall notify you with regards to the specific safeguard we shall adopt in transferring your Personal Data to such an international organization and/or country if you require such data. Insofar as the transfer of your Personal Data does not fall under these above-mentioned categories, we may still need to transfer your Personal Data to the groups of recipients listed in section 7, with your express consent. You provide your express and unequivocal consent, through the acceptance of this Privacy Policy for such transfer.

8.5 If you choose to proceed with a feature on the Platform that requires the involvement of a third-party service provider, then your Personal Data may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

8.6 Please contact us (at: hello@karmbusiness.com) if you want further information on the specific mechanism used by us when transferring your Personal Data.

9. SECURITY OF PERSONAL DATA

9.1 Information security
  1. We are committed to ensuring that your Personal Data is secure. The Internet is not a secure medium. However, we have put in place a range of security procedures, as set out in this Privacy Policy.
  2. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the Personal Data we collect via our Platform. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your Personal Data.
  3. We will use reasonable endeavours to implement appropriate policies, rules, and technical measures to protect the Personal Data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction, or accidental loss.
  4. Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security. Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the Personal Data confidential.
9.2 No guarantee
  1. Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered. While we make our best efforts to secure personal data and facilitate access to your Personal Data, it is important to note that no transmission over the internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, and hence, we cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
  2. Without prejudice to our efforts on protection of your Personal Data, nothing contained in this Privacy Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.
  3. Please note, that we do not guarantee that your Personal Data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please, always check that any website on which you are asked for financial or payment information in relation to our Platform is in fact legitimately owned or operated by us.
9.3 If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at hello@karmbusiness.com. Please also immediately notify us at hello@karmbusiness.com, if you become aware of any unauthorized access to or use of your account. 9.4 Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us or sent and received from us by internet or wireless connection, including email, phone, instant messaging service or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at hello@karmbusiness.com. 9.5 Data breaches Should your Personal Data be breached, and your financial and personal security be at risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at hello@karmbusiness.com for further information and for further advise on how to mitigate the potential adverse effects of such a breach.

10. YOUR RIGHTS

10.1 We will take all reasonable steps to ensure that all information we collect, use, or disclose is accurate, complete, and up to date. Please contact us if your details change or if you believe the information, we have about you is not accurate or complete.

10.2 In some instances, you may also have the rights to:

  1. Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
  3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which you will be notified of.
  4. Object to processingof your Personal Data and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which do not override your rights and freedoms.
  5. Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  6. Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain features of the Platform to you. We will advise you if this is the case.

11. HOW LONG WE KEEP PERSONAL DATA

11.1 We retain Personal Data on your behalf, including customer data, transactional data, and other session data, linked to your account.

11.2 Your Personal Data will be retained for no period longer than as required by us for the purposes it was collected for, for the purposes of using our Platform, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. However, all Personal Data documents, records and files will be securely retained for a minimum of 5 (five) years. Such retention period shall be calculated from the date of closing of your account.

12. CONTACT US

12.1 If you have any queries or issues pertaining to your information or our Privacy Policy, then please do write to us at any time by emailing us at hello@karmbusiness.com.

Last Updated: 1st September 2025