Privacy Notice.

Last updated: December 2025

Welcome to Global Compliance Code ("we", "us", or "our"). This Privacy Notice describes how we collect, use, store, share, and protect personal data when you use our website (https://www.globalcompliancecode.com) or interact with our services.

By using our website or providing personal data, you agree to the practices described in this Privacy Notice.

1. Who We Are & Contact Information

Global Compliance Code
Email: privacy@globalcompliancecode.com

If you have any questions about this Privacy Notice or requests regarding your data (access, correction, deletion, etc.), please contact us at the email above.

2. Current Regulatory Status & Our Commitment

The UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, "UAE PDPL") came into effect on January 2, 2022. As of December 2025, the Executive Regulations that will provide detailed implementation guidance are pending issuance by the UAE Data Office. The UAE Data Office, established under Federal Decree-Law No. 44 of 2021, is also in the process of becoming fully operational.

Our Commitment:
Global Compliance Code is committed to full compliance with the UAE PDPL and is proactively implementing data protection measures in line with the law's principles and international best practices (including GDPR standards where applicable). We will update our privacy practices and this Notice as regulatory guidance becomes available and the UAE Data Office begins full operations.

This Notice reflects our current practices and our understanding of applicable UAE data protection requirements.

3. What Personal Data We Collect

We may collect the following categories of personal data, depending on how you interact with us:

Contact and Professional Information:

  • Name, company name, job title/role

  • Email address, phone number

  • Professional/business information (e.g., company size, industry, location, business use case) when you request consultation or services

Technical and Usage Data:

  • IP address

  • Browser and device information

  • Website usage logs and analytics data

  • Cookies and similar tracking technologies (subject to your consent where required)

Communications:

  • Any information you voluntarily submit through contact forms, inquiry forms, consultation requests, newsletter subscriptions, feedback, or direct communications with us

We collect this data when you:

  • Visit and use our website

  • Fill out contact, inquiry, consultation, or newsletter subscription forms

  • Communicate with us via email or other channels

  • Otherwise voluntarily submit personal data to us

4. Why and How We Use Your Data (Purposes & Legal Bases)

We process personal data for the following purposes and rely on the following legal bases under UAE PDPL:

Purposes:

  1. Service Delivery: To respond to your inquiries, requests, or support needs (e.g., compliance consultation, advisory services, assessments, compliance readiness reports)

  2. Service Management: To provide, manage, and improve our services

  3. Website Improvement: To improve our website, content, services, and user experience

  4. Legal Compliance: To comply with legal or regulatory obligations and industry standards relevant to our business

  5. Marketing Communications: With your explicit consent, to send newsletters, updates, and relevant information about our services

Legal Bases:

Under UAE PDPL, we rely on the following lawful bases for processing:

  • Consent: When you voluntarily provide data through contact forms, newsletter subscriptions, or explicitly agree to receive marketing communications

  • Contractual Necessity: When processing is necessary to fulfill your service request or deliver services you've engaged us for

  • Legitimate Interests: When we have a legitimate business interest (e.g., improving our services, website functionality, or business operations), provided such interests do not override your fundamental rights and freedoms

  • Legal Obligation: When required to comply with applicable laws and regulations

Consent Standards:

When we rely on consent as the legal basis for processing, we ensure such consent is:

  • Freely given and informed

  • Specific to the stated purpose

  • Clearly documented

  • Revocable at any time without affecting the lawfulness of processing conducted before withdrawal

You may withdraw your consent at any time by contacting us at privacy@globalcompliancecode.com.

5. Cookies & Tracking Technologies

Our website may use cookies, analytics tools, and similar technologies to collect usage data (such as pages visited, time on site, device/browser type, IP address) to help us improve the site and understand user behavior.

Cookie Categories:

  • Essential cookies: Necessary for website functionality

  • Analytics cookies: Help us understand how visitors use our website

  • Marketing cookies: Used with your consent for marketing purposes

Where required by applicable law or regulation, we will obtain your consent before using non-essential cookies or trackers. You may choose to disable cookies via your browser settings — however, note that this may affect the functioning or experience of the website.

For more information about our use of cookies, please refer to our Cookie Policy [link to be added if separate Cookie Policy exists].

6. Data Sharing & Third-Party Processors

We may share or disclose your personal data to third parties only in the following situations:

Service Providers & Processors:
We may share data with service providers, partners, or subcontractors who help us deliver services (e.g., cloud hosting providers, IT vendors, email service providers, analytics platforms, third-party compliance advisors). These third parties:

  • Are contractually obligated to maintain confidentiality

  • Must implement adequate security measures

  • May only process data according to our documented instructions

  • Are subject to our oversight and audit rights

Legal & Regulatory Authorities:
When required by law, court order, or regulatory obligation, or when necessary to protect our legal rights.

Service Fulfillment:
When necessary to fulfill your request or contractual agreement (e.g., for consultancy services, technical assessments).

We do NOT:

  • Sell or rent your personal data to unaffiliated third parties for marketing or other purposes

  • Share your data for purposes incompatible with those stated in this Notice

7. Cross-Border Data Transfers

If we transfer your personal data outside the UAE, we ensure such transfers comply with applicable laws and implement appropriate safeguards to protect your data.

Our Cross-Border Transfer Safeguards:

  1. Adequacy Assessment: We assess whether the destination country provides adequate data protection standards

  2. Contractual Protections: We implement standard contractual clauses or similar legally recognized transfer mechanisms

  3. Security Measures: We ensure technical security measures (encryption, access controls, secure transmission protocols) are in place

  4. Documented Justification: We maintain documentation of transfer necessity, safeguards, and risk assessments

  5. Regulatory Compliance: We obtain necessary approvals where required under UAE PDPL and await guidance from Executive Regulations when issued

Under UAE PDPL, cross-border data transfers must meet required protection standards. We continuously monitor regulatory developments and will adjust our transfer mechanisms as the UAE Data Office issues further guidance.

Transfers to Service Providers:
When we use cloud service providers or other processors located outside the UAE, we ensure:

  • They provide equivalent protection standards

  • Binding contractual obligations are in place

  • Data processing is limited to our documented instructions

  • We maintain oversight and audit rights

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service Delivery: Duration of our engagement plus reasonable period for follow-up support

  • Legal & Regulatory Compliance: As required by applicable retention obligations

  • Legitimate Business Interests: For reasonable periods to maintain business records, respond to inquiries, or defend legal claims

Deletion & Anonymization:
We periodically review our data holdings and:

  • Delete data that is no longer required

  • Anonymize data where continued retention is necessary for statistical or analytical purposes but individual identification is not required

  • Honor data subject deletion requests (where applicable and legally permissible)

You may request information about our retention practices for your specific data by contacting us.

9. Your Rights Under UAE PDPL

Under the UAE Personal Data Protection Law, you have the following rights with respect to your personal data:

Right to Information

The right to be informed about how your data is processed (this Notice aims to satisfy that requirement).

Right to Access

The right to access the personal data we hold about you and obtain information about how it is processed.

Right to Rectification

The right to request correction or update of inaccurate or incomplete personal data.

Right to Erasure/Deletion

The right to request deletion or erasure of your personal data when there is no lawful basis to continue processing it, subject to legal obligations that may require us to retain certain data.

Right to Withdraw Consent

If processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing conducted before withdrawal.

Right to Object

The right to object to certain types of processing (e.g., direct marketing, profiling, or processing based on legitimate interests) when applicable.

Right to Data Portability

The right to receive your personal data in a structured, commonly used, and machine-readable format where data is processed automatically and you've provided consent or it's processed under contract.

Right to Restrict Processing

The right to request restriction of processing in certain circumstances (e.g., while we verify accuracy of contested data).

How to Exercise Your Rights:

To exercise any of these rights, contact us at:
Email: privacy@globalcompliancecode.com
Subject Line: "Data Subject Rights Request"

We will:

  • Respond to your request promptly, in accordance with applicable law (generally within 30 days)

  • Verify your identity before fulfilling requests to protect against unauthorized access

  • Provide clear reasons if we cannot fulfill your request

  • Not charge a fee for legitimate requests (unless requests are manifestly unfounded, excessive, or repetitive)

10. Data Security & Protection Measures

We implement technical and organizational safeguards to protect personal data against unauthorized access, disclosure, loss, alteration, or destruction.

Our Security Measures Include:

Technical Controls:

  • Encryption of data in transit and at rest (where applicable)

  • Secure access controls and authentication mechanisms

  • Regular security monitoring and vulnerability assessments

  • Secure data storage systems

  • Network security measures (firewalls, intrusion detection)

Organizational Controls:

  • Internal policies and procedures limiting data access to authorized personnel only

  • Employee training on data protection and security

  • Confidentiality obligations in employment contracts

  • Regular review of security practices

  • Incident response and breach notification procedures

Data Breach Preparedness:
We have implemented data breach detection and response procedures. While the UAE Data Office is not yet fully operational, we maintain readiness to notify both the regulator and affected individuals in accordance with UAE PDPL requirements once enforcement mechanisms are established.

In the event of a data breach that would prejudice the privacy, confidentiality, or security of your personal data, we will:

  • Investigate and contain the breach immediately

  • Document the breach and its effects

  • Notify the UAE Data Office when it becomes operational

  • Notify affected individuals when required

  • Implement corrective measures to prevent recurrence

Limitations:
While we implement robust security measures, no system is entirely immune to security risks. We cannot guarantee absolute security but commit to maintaining security standards aligned with industry best practices and legal requirements.

11. Children & Minors

Our services are directed to businesses, professionals, and legal entities. We do not knowingly collect or process personal data of children and minors (persons under 18 years of age).

If you believe we have inadvertently collected data of a minor, please contact us immediately at privacy@globalcompliancecode.com — and we will delete such data without undue delay.

Parental Rights:
If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete such information from our systems.

12. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect:

  • Changes in regulation or regulatory guidance (particularly UAE PDPL Executive Regulations when issued)

  • Changes in our services or data processing practices

  • Changes required to enhance data protection

  • Operational improvements

When We Update This Notice:

  • We will update the "Last updated" date at the top

  • Significant changes that materially affect your rights or how we process data will be communicated to you via email or prominent notice on our website

  • If consent is the basis for processing, we will seek renewed consent for material changes where required

We Encourage You To:

  • Review this Notice periodically

  • Contact us if you have questions about changes

  • Exercise your rights if you disagree with updated practices

13. Data Protection Officer & Contact

Primary Contact for Privacy Matters:
Email: privacy@globalcompliancecode.com
Address: [Your company address — to be completed]

Data Protection Officer (DPO):
As our organization grows and if required under UAE PDPL or Executive Regulations, we will appoint a qualified Data Protection Officer. Until such appointment is required or made, privacy inquiries should be directed to the email above.

Response Timeline:
We aim to respond to all privacy-related inquiries within 10 business days, and to formal data subject rights requests within 30 days as required by UAE PDPL.

Complaints:
If you are not satisfied with our response to your privacy concerns, you will have the right to file a complaint with the UAE Data Office once it becomes fully operational. We encourage you to contact us first so we can address your concerns directly.

14. Governing Law & Jurisdiction

This Privacy Notice and our processing of your personal data are governed by and comply with the laws and regulations of the United Arab Emirates, in particular:

  • Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

  • Federal Decree-Law No. 44 of 2021 establishing the UAE Data Office

  • Any Executive Regulations, guidance, or implementing regulations issued thereunder

  • Other applicable UAE federal and emirate-level data protection and privacy laws

For Free Zone Entities:
If you are located in or conducting business from UAE free zones (DIFC, ADGM, or other special jurisdictions), additional data protection laws may apply. We recommend reviewing the specific data protection requirements applicable to your jurisdiction.

International Frameworks:
Where appropriate and in the absence of specific UAE guidance, we also reference international best practices including GDPR principles to ensure robust data protection standards.

15. Additional Information

Language:
This Privacy Notice is provided in English. If translated into other languages, the English version shall prevail in case of any discrepancies.

Severability:
If any provision of this Notice is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

Third-Party Websites:
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policies of any third-party sites you visit.

Professional Services:
When you engage our professional services, additional terms and data processing agreements may apply. Such agreements will be provided separately and will govern the processing of data specific to those services.

16. Summary of Key Points

For quick reference, here are the key points of our privacy practices:

We collect: Contact information, professional details, and technical usage data
We use it for: Delivering services, responding to inquiries, improving our website, and (with consent) marketing
We protect it with: Encryption, access controls, security monitoring, and staff training
We share it with: Only necessary service providers under strict contractual obligations, or when legally required
We keep it for: Only as long as necessary for the stated purposes or legal obligations
You can: Access, correct, delete, object to processing, withdraw consent, or port your data
We comply with: UAE PDPL and international data protection best practices

Questions or Concerns?
Contact us at privacy@globalcompliancecode.com

Acknowledgment:
This Privacy Notice has been prepared in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and reflects our commitment to protecting your privacy and personal data in accordance with the highest standards.

Global Compliance Code — Clarity. Speed. Scale.

Document Version: 2.0
Last Updated: December 2025
Next Scheduled Review: Upon issuance of UAE PDPL Executive Regulations or June 2026