Privacy Policy

1. Introduction

​

This Privacy Policy explains how Marensa Advisory FZ-LLC collects, uses, stores, and protects personal information obtained through our website, email communications, and professional engagements.

​

We are committed to safeguarding the confidentiality, integrity, and security of your personal and business data in accordance with applicable data protection and privacy laws, including:

​

• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

• European Union General Data Protection Regulation (GDPR)

• UAE Federal Data Protection Law No. 45 of 2021

• and other relevant local or international privacy frameworks.

 

By using our website or engaging our services, you consent to the practices described in this Privacy Policy.

 

2. Information We Collect

​

We may collect the following categories of information:

A. Information You Provide Directly

• Name, company name, title, and contact details (email, phone, address)

• Business registration details, KYC or due diligence documents (if applicable to service engagement)

• Billing and payment information for invoicing and accounting purposes

• Any information voluntarily submitted via contact forms, questionnaires, or client onboarding forms

 

B. Information Collected Automatically

When you visit our website, we may collect:

• IP address and general location data (country or city-level)

• Browser type, device type, and operating system

• Pages visited, time spent on the website, and referral links

 

This data helps us improve site performance and ensure regulatory-grade security.

 

3. Purpose of Collection and Use

​

We collect and use personal information only for legitimate business and regulatory purposes, including:

• To provide and manage compliance advisory and consulting services

• To communicate with you regarding proposals, engagements, and updates

• To process invoices and manage client accounts

• To meet contractual, legal, and regulatory obligations (e.g., KYC, AML checks, record retention)

• To enhance website functionality and improve client experience

• To comply with professional, ethical, and audit requirements

 

We will not sell, lease, or share your information with third parties for marketing purposes.

 

4. Legal Basis for Processing (GDPR-compliant)

 

Where the EU GDPR applies, we rely on one or more of the following legal bases to process your data:

• Contractual necessity – to perform our obligations under a service agreement or engagement letter.

• Legal obligation – to comply with AML/CFT, tax, or regulatory reporting requirements.

• Legitimate interests – to operate, protect, and improve our professional services.

• Consent – for communications or marketing where consent is explicitly required.

 

5. Data Retention

​

We retain personal information only for as long as necessary to:

• Fulfill the purposes for which it was collected;

• Meet legal, regulatory, or accounting record-keeping obligations (typically 5–7 years for compliance engagements); or

• Defend or establish legal claims.

 

When information is no longer required, it will be securely deleted or anonymized.

 

6. Data Security

​

We maintain robust administrative, technical, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

Security measures include:

• Encrypted storage and secure cloud environments;

• Role-based access control for staff and consultants;

• Regular system monitoring and data backup protocols; and

• Confidentiality agreements for all personnel handling sensitive data.

 

However, please note that no online transmission or storage system is completely secure. We cannot guarantee absolute protection but take all reasonable steps to minimize risks.

​

7. Data Sharing and Transfers

​

We may share information only under the following conditions:

• With third-party service providers (e.g., IT hosting, accounting, or legal partners) bound by confidentiality and data protection obligations;

• With regulators, auditors, or competent authorities when required by law;

• Across affiliated offices or subsidiaries to fulfill client engagements (subject to equivalent privacy protections).

 

If your data is transferred internationally (e.g., between the EU, UAE, or Canada), we ensure adequate safeguards such as Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

 

8. Your Rights

​

Depending on your jurisdiction, you may have the right to:

• Access – request a copy of your personal data we hold;

• Rectify – correct inaccurate or incomplete information;

• Erase – request deletion of data no longer required;

• Restrict or object – limit processing or object to specific uses;

• Data portability – receive your data in a structured, commonly used format; and

• Withdraw consent – where processing is based on your consent.

 

To exercise these rights, please contact us  using the details below or by email ______________. We may request verification to confirm your identity before processing your request.

​

9. Cookies and Analytics

​

Our website uses cookies and analytics tools (e.g., Google Analytics) to understand user interaction, enhance performance, and maintain website security.

​

You can manage or disable cookies through your browser settings, though this may affect website functionality.

​

10. Marketing Communications

​

We may occasionally send regulatory updates, newsletters, or compliance insights.
You can opt out of these communications at any time by clicking “unsubscribe” or contacting us directly.
We will not send marketing messages without your prior consent where required by law.

​

11. Links to Third-Party Sites

​

Our website may contain links to external resources or regulatory bodies (e.g., FATF, FINTRAC, DFSA).
We are not responsible for the content, privacy, or security practices of those third-party sites.

​

12. Children’s Privacy

​

Our services are intended for professional and business users.
We do not knowingly collect or process personal data from individuals under 18 years of age.

​

13. Updates to This Policy

​

We may update this Privacy Policy periodically to reflect changes in legal requirements or business practices.
The updated version will be posted on our website with a new “Last Updated” date.
We encourage you to review it regularly.

​