Privacy Policy

1. Introduction

Blue Ridge Advisory ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, engage our services, or interact with us.

This policy is designed to comply with:

• European Union General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
• UAE Federal Decree-Law No. 45 of 2021 - On the Protection of Personal Data (PDPL)
• Dubai International Financial Centre (DIFC) Data Protection Law - DIFC Law No. 5 of 2020
• Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021
• Kingdom of Saudi Arabia Personal Data Protection Law (PDPL)
• Qatar Law No. 13 of 2016 - On Personal Data Privacy Protection
• Bahrain Personal Data Protection Law (PDPL) - Law No. 30 of 2018

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

For EU residents, you may also contact our EU representative for data protection matters at the same email address.

3. Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title
• Communication Data: Messages, inquiries, and correspondence you send us
• Professional Information: Business details, investment interests, service requirements
• Newsletter Subscriptions: Email address and communication preferences

3.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
• Location Data: General geographic location based on IP address
• Cookies and Similar Technologies: As described in Section 9

3.3 Information from Third Parties

• Professional Networks: Publicly available information from LinkedIn or business directories
• Referrals: Information provided by mutual contacts or business partners with your consent
• Due Diligence Sources: Information from regulatory databases or public records as required for compliance

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

4.1 Consent (Article 6(1)(a) GDPR)

Where you have given explicit consent for specific processing activities, such as:

• Subscribing to our newsletter
• Receiving marketing communications
• Participating in surveys or research

4.2 Contractual Necessity (Article 6(1)(b) GDPR)

Processing necessary to perform a contract with you or take pre-contractual steps at your request:

• Responding to service inquiries
• Delivering advisory services
• Managing client relationships

4.3 Legal Obligation (Article 6(1)(c) GDPR)

Processing necessary to comply with legal obligations:

• Anti-money laundering (AML) requirements
• Know Your Customer (KYC) procedures
• Tax reporting obligations
• Regulatory compliance

4.4 Legitimate Interests (Article 6(1)(f) GDPR)

Processing necessary for our legitimate business interests, where not overridden by your rights:

• Improving our website and services
• Protecting against fraud and security threats
• Business development and networking
• Analytics and performance monitoring

5. How We Use Your Data

We use your personal data for the following purposes:

5.1 Service Delivery

• Responding to inquiries and providing information about our services
• Delivering advisory and consulting services
• Managing client relationships and communications
• Processing engagements and maintaining records

5.2 Communications

• Sending newsletters and thought leadership content (with consent)
• Providing service updates and important notices
• Responding to your questions and requests

5.3 Website Operations

• Operating and maintaining our website
• Analyzing usage patterns to improve user experience
• Ensuring website security and preventing abuse

5.4 Legal and Compliance

• Complying with applicable laws and regulations
• Conducting due diligence and compliance checks
• Protecting our legal rights and interests

6. Data Sharing & International Transfers

6.1 Categories of Recipients

We may share your personal data with:

• Service Providers: Third parties who provide services on our behalf (hosting, email services, analytics)
• Professional Advisors: Legal, accounting, and other professional advisors as necessary
• Regulatory Authorities: Government bodies, regulators, or law enforcement when required by law
• Business Partners: With your consent, for specific collaborative engagements

6.2 International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including:

• United Arab Emirates (our primary location)
• European Economic Area (EEA) countries
• United Kingdom
• Other GCC countries

For transfers outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules where implemented
• Your explicit consent for specific transfers

6.3 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

After the retention period, personal data is securely deleted or anonymized for statistical purposes.

8. Your Rights

Under GDPR, UAE PDPL, and other applicable data protection laws, you have the following rights:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

8.4 Right to Restriction of Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of prior processing.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

• EU Residents: Your local Data Protection Authority
• UAE Residents: UAE Data Office
• DIFC: Commissioner of Data Protection, DIFC
• ADGM: Office of Data Protection, ADGM

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@theblueridge.ae. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

9. Cookies & Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and understand how our website is used.

9.2 Types of Cookies We Use

9.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies
• Delete all cookies when you close your browser

Note: Blocking essential cookies may affect website functionality.

9.4 Do Not Track

Our website currently does not respond to "Do Not Track" browser signals. However, you can manage tracking through cookie settings as described above.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: SSL/TLS encryption for data in transit
• Access Controls: Role-based access limited to authorized personnel
• Secure Infrastructure: Industry-standard hosting with security certifications
• Regular Reviews: Periodic security assessments and updates
• Staff Training: Regular data protection training for team members
• Incident Response: Procedures for detecting and responding to data breaches

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@theblueridge.ae, and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email (if you have provided one) or through a prominent notice on our website
• For significant changes affecting your rights, we will seek your consent where required

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.