Privacy Notice

Privacy Notice

INSIDE RISK MANAGEMENT FZCO (“INSIDE”, “we”, “us” or “our”) is committed to protecting personal data and ensuring transparency in relation to the services we provide, our website, our professional relationships, and our business operations.

 

This Privacy Notice explains how we process personal data in connection with:

  • our corporate website and communications;
  • our professional, advisory and intelligence-related services;
  • due diligence, reputational intelligence, third-party risk and related analytical services;
  • client onboarding, supplier management and business development activities; and
  • any related support, compliance or administrative functions.

This Privacy Notice is drafted primarily with reference to the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), together with applicable implementing regulations and instructions. Where mandatory data protection laws of other jurisdictions apply to specific processing activities, such laws shall apply to the extent legally required.

  1. Who We Are

Controller:
INSIDE RISK MANAGEMENT FZCO
Level 2 Central 1 Building
Dubai, United Arab Emirates
Email: info@intelligenceinside.ae
Website: www.intelligenceinside.ae

For the purposes described in this Privacy Notice, INSIDE generally acts as controller of personal data, except where otherwise agreed in writing or where a different legal role applies under a specific engagement.

  1. Nature of Our Services

INSIDE provides professional services in the areas of:

  • due diligence and reputational intelligence;
  • third-party risk analysis;
  • counterparties and exposure intelligence;
  • corporate intelligence and business information analysis;
  • public-source and documentary research;
  • integrity, compliance and risk support services;
  • enhanced background and reputational assessments in business and corporate contexts.

Our services are designed to support clients operating in regulated, high-exposure or cross-border environments by providing informational, analytical and risk-related support.

Unless expressly agreed otherwise in writing, our services do not constitute:

  • legal advice;
  • financial advice;
  • regulated credit scoring;
  • automated decision-making;
  • covert surveillance;
  • interception activities; or
  • unlawful collection of personal data.
  1. Categories of Personal Data We May Process

Depending on the nature of the relationship or service, we may process the following categories of personal data:

  1. Client and business contact data
  • name;
  • company name;
  • job title;
  • email address;
  • phone number;
  • office address;
  • billing and contractual information;
  • communication records.
  1. Corporate and professional profile data

Where relevant to the services requested by clients, we may process:

  • publicly available corporate roles and affiliations;
  • directorships, shareholdings and beneficial ownership references;
  • company registration references;
  • professional history and public business profiles;
  • publicly available media references linked to business or corporate contexts.
  1. Public-source intelligence data

Where relevant and lawful, we may process information obtained from:

  • official public registers;
  • corporate registries;
  • court or legal sources where lawfully accessible;
  • media and open-source materials;
  • lawfully licensed information providers;
  • other publicly available records.
  1. Website and interaction data

When you interact with us directly or via our website:

  • name;
  • company details;
  • email address;
  • phone number;
  • enquiry content;
  • meeting / event registration data;
  • technical website and session data.
  1. Technical and administrative data

For operational security and accountability:

  • access logs;
  • IP address;
  • device/browser information;
  • security and authentication records;
  • audit and communication logs.
  1. Sources of Personal Data

We may obtain personal data:

  • directly from you;
  • from clients and counterparties in the context of a specific engagement;
  • from publicly accessible sources;
  • from official or commercial registers lawfully accessible to us;
  • from lawfully contracted third-party providers;
  • from business communications and onboarding processes;
  • from our website and digital infrastructure.
  1. Purposes of Processing

We process personal data for the following purposes:

  1. Service delivery
  • evaluating and carrying out client instructions;
  • conducting due diligence, reputational intelligence and related analytical services;
  • preparing reports, summaries, findings and risk-related outputs;
  • supporting integrity, compliance and third-party risk reviews.
  1. Business and relationship management
  • client onboarding;
  • supplier and partner management;
  • contract management;
  • responding to enquiries and requests;
  • arranging meetings, demonstrations and follow-up communications.
  1. Security, legal protection and accountability
  • maintaining IT and communication security;
  • preventing misuse, fraud or unauthorised access;
  • documenting service integrity and traceability;
  • establishing, exercising or defending legal claims;
  • cooperating with competent authorities where legally required.
  1. Compliance and governance
  • complying with legal and regulatory obligations;
  • managing internal governance and audit requirements;
  • maintaining records related to contractual and professional obligations.
  1. Marketing and business communications

Where legally permitted, we may use limited business contact information to provide updates about our services, events, publications or professional activities. You may opt out from such communications at any time.

  1. Legal Basis for Processing

INSIDE processes personal data only where a lawful basis exists under applicable law.

Depending on the relevant processing activity, this may include:

  • necessity for performance of a contract or pre-contractual measures;
  • compliance with legal obligations;
  • processing of information lawfully made public through official or public sources, where permitted by law;
  • processing necessary for the establishment, exercise or defence of legal claims;
  • consent, where specifically required;
  • other grounds expressly permitted under applicable mandatory law.

Where personal data are processed in connection with client-mandated due diligence or reputational analysis, the legal basis may depend on the precise scope of the mandate, the category of data involved, and the applicable law governing the relevant engagement.

  1. Scope Limitations and Sensitive Data

INSIDE seeks to apply proportionality and data minimisation in all engagements.

As a general principle:

  • we do not intentionally process sensitive personal data, unless strictly required by law, clearly justified by the nature of the mandate, and lawfully permitted;
  • we do not conduct covert or unlawful collection methods;
  • we do not operate automated systems that make decisions with legal or similarly significant effects on individuals;
  • any analysis or report produced by INSIDE is intended as informational or advisory support, and final decisions remain the responsibility of the client.

Where a particular engagement requires a broader or more specific data protection framework, such engagement may be governed by separate contractual and privacy documentation.

  1. Role Allocation with Clients

INSIDE may act as:

  • controller, where we determine the means and purposes of our own processing activities; or
  • an independent professional service provider processing data within the scope of a client mandate, depending on the legal and factual structure of the engagement.

Clients remain responsible for their own downstream use of any reports, findings or outputs, including any internal decision-making, dissemination, retention, or integration with other systems.

Where relevant, role allocation may be further specified in the engagement letter, service terms or specific contractual documentation.

  1. No Automated Decision-Making

INSIDE does not use personal data to carry out solely automated decision-making producing legal effects or similarly significant effects on individuals.

We may use technology-assisted tools to support:

  • search;
  • filtering;
  • correlation;
  • organisation;
  • document review;
  • summarisation.

However, any resulting output is intended to support human analysis and does not replace professional human judgment.

  1. Data Retention

INSIDE retains personal data only for as long as necessary for the purposes described in this Privacy Notice, including:

  • the duration of the client relationship or engagement;
  • reasonable post-engagement retention for legal, audit, defence or regulatory reasons;
  • operational and security retention periods for technical logs and records;
  • any mandatory retention period required by law.

Data no longer required are deleted, anonymised or securely archived, as appropriate.

  1. Data Sharing and Recipients

We may share personal data, where necessary and lawful, with:

  • authorised personnel within INSIDE;
  • group entities or affiliated entities, where relevant and lawful;
  • external advisers, lawyers, auditors or consultants;
  • technology and hosting providers;
  • lawfully contracted data providers;
  • counterparties necessary for service delivery;
  • competent authorities, where legally required.

We do not sell personal data.

We do not disclose personal data for third-party marketing purposes.

  1. Cross-Border Processing and Transfers

Because INSIDE may operate in cross-border and international contexts, personal data may be processed, accessed or transferred across multiple jurisdictions.

Where such transfers occur, INSIDE seeks to implement appropriate safeguards in accordance with applicable law, which may include:

  • contractual safeguards;
  • restricted access controls;
  • minimisation measures;
  • internal governance procedures;
  • appropriate technical and organisational protections.

Where specific engagements involve international data flows, transfer arrangements may be addressed in the relevant engagement documentation.

  1. Security Measures

INSIDE implements reasonable technical and organisational safeguards designed to protect personal data, including, where appropriate:

  • access controls and need-to-know restrictions;
  • authentication and credential protection;
  • secure infrastructure and endpoint protection;
  • audit logging;
  • encryption and secure communication measures;
  • incident handling and escalation procedures;
  • vendor oversight.

No method of storage or transmission is entirely secure, but we aim to maintain security measures proportionate to the sensitivity of the processing and the operational risks involved.

  1. Data Subject Rights

Subject to applicable law, individuals may have the right to:

  • request access to personal data;
  • request correction of inaccurate data;
  • request deletion where legally applicable;
  • request restriction of processing;
  • object to certain processing;
  • request portability where applicable;
  • lodge a complaint with a competent authority.

Where data originate from public or third-party sources, INSIDE may not always be able to correct the underlying source record directly. In such cases, we may, where appropriate:

  • annotate or limit internal use;
  • update our records;
  • direct the requester to the original source or competent controller.

Requests may be addressed to: info@intelligenceinside.ae

We may request evidence of identity before responding.

  1. Website, Cookies and Communications

Our website may use limited cookies or similar technologies necessary for:

  • website functionality;
  • security;
  • traffic and performance analytics;
  • communication management.

We do not use cookies or website technologies for unlawful behavioural profiling.

A separate Cookie Notice may be published where appropriate.

  1. Recruitment and Careers

Where individuals apply for positions or collaborate with INSIDE, we may process application and professional profile data for recruitment and evaluation purposes, in accordance with applicable law and internal retention policies.

  1. Updates to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in:

  • law or regulation;
  • operational structure;
  • services offered;
  • technology or vendors;
  • internal governance.

The latest version will be published with the updated effective date.

 

  1. Contact

For privacy-related enquiries or requests, please contact:

INSIDE RISK MANAGEMENT FZCO
Level 2, The Offices 1

One Central District

Dubai World Trade Centre,

PO Box 114142, Dubai UAE

Dubai, United Arab Emirates
Email: info@intelligenceinside.ae

  1. Important Notice

This Privacy Notice provides general transparency regarding INSIDE’s own processing activities.

Depending on the nature of the engagement, specific services, reports or cross-border assignments may be governed by additional contractual, compliance or privacy documentation.

Clients, users and counterparties remain responsible for their own independent compliance obligations under applicable data protection laws.

 

Discover our services:

Background
& Due Diligence
Defensive & Counter-Surveillance Technologies

Contacts

DUBAI OFFICE EMIRATES – DUBAI
Level 2 Central 1 Building
Dubai World Trade Center

Ph. +971 4 523 2471

info@intelligenceinside.ae

Get in Touch