Who is the data controller?
KLME LLP
Abu Dhabi, Dubai, United Arab Emirates
Data Protection Officer (DPO): enquiries@klme.law
Information we collect
| Category | Examples | Legal basis (PDPL / GDPR Art. 6) |
|---|---|---|
| Contact details | Name, email, phone, address | Legitimate interests (responding to enquiries); pre‑contract steps |
| Matter information | Facts you provide about a legal issue, opposing parties, documents | Performance of a contract; legal obligations |
| Marketing preferences | Opt‑in/opt‑out choices | Consent |
| Technical data | IP address, browser type, pages visited, cookies | Legitimate interests (Site security & analytics); consent (non‑essential cookies) |
How we use your information
- Respond to enquiries and provide legal services (performance of a contract / pre‑contract steps).
- Comply with legal and regulatory obligations (e.g., KYC/AML checks, sanctions screening).
- Improve and secure our Site (legitimate interests in IT security and service quality).
- Send legal updates and event invitations when you have opted in (consent).
- Recruitment – assess job applications (legitimate interests; pre‑contract steps).
Cookies & similar technologies
We use essential cookies for security and core functionality and optional analytics cookies (e.g., Google Analytics) to understand site traffic. Non‑essential cookies load only after you click “Accept” on our cookie banner; you may withdraw consent at any time through the banner or your browser settings.
Sharing your data
- Within KLME and with trusted service providers (IT hosting, email, analytics) under strict confidentiality agreements;
- With counsel, experts, or courts when required to progress your matter;
- With regulators or law‑enforcement where we have a legal duty;
- In the context of a merger or restructuring (we will notify you beforehand).
International transfers
Where we transfer personal data outside the UAE/DIFC to a country not deemed “adequate,” we rely on one or more of the safeguards allowed under the PDPL (e.g., explicit consent, contractual clauses, necessity for contract performance, or other exemptions)
Data security
We apply organizational and technical measures aligned with ISO 27001 good practice, including encryption in transit, access controls, and regular penetration testing. Our service providers are contractually obliged to do the same.
Data retention
We keep matter files for 10 years after closure (or longer if UAE law or professional‑conduct rules require). Marketing data is retained until you unsubscribe. CVs for unsuccessful applicants are deleted after 6 months unless you consent to a longer period.
Your rights
Depending on the law that applies, you can:
- Access a copy of your data;
- Correct or complete inaccurate data;
- Request erasure (“right to be forgotten”);
- Restrict or object to processing;
- Receive your data in a portable format;
- Withdraw consent at any time (marketing & cookies);
- Complain to the UAE Data Office or, if in the DIFC, the Commissioner of Data Protection.
Children’s privacy
Our services are not directed to individuals under 18. If we discover we have collected personal data from a minor without parental consent, we will delete it.
Links to third‑party sites
Our Site may contain links to external sites. We are not responsible for their privacy practices. Please review their policies before providing data.
Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on this page or via email where practicable. Your continued use of the Site after changes take effect constitutes acceptance of the revised Policy.
Contact us
For questions, requests, or complaints regarding this Privacy Policy or our data‑handling practices:
KLME Legal Consultants
Attn: Data Protection Officer
enquiries@klme.law