1. Introduction

ICAI Dubai Chapter NPIO (“ICAI Dubai Chapter”, “we”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information in line with the DIFC Data Protection Law.

2. Information We Collect

We may collect the following personal data:

• Name and ICAI membership details
• Contact information (email, phone, address)
• Event registrations and participation history
• Payments and invoicing details (for paid events)
• Preferences, survey responses, or information shared voluntarily

3. How We Use Your Data

Your information is used to:

• Communicate chapter updates, notices, and newsletters
• Manage your membership and chapter engagement
• Organise events, conferences, and CSR activities
• Conduct Managing Committee elections
• Comply with DIFC legal and regulatory obligations

Each processing activity is supported by a valid lawful basis such as consent, contract, legal obligation, or legitimate interest.

4. Consent for Storing Your Information

We obtain explicit consent before storing your personal data to communicate with you about chapter activities. You may provide this consent through our online consent form or by emailing [email protected]. Without this consent, we may be unable to send updates or notifications.

5. Consent for Processing and Sharing Your Data

5.1 Election Candidates

With your consent, your contact information may be shared with Managing Committee election contestants for election-related communication. Contestants are required to delete this data after the election.

5.2 Sponsors

With your consent, we may share your contact information with ICAI Dubai Chapter sponsors for:

• Product and service promotions
• Offers and marketing communications

Sponsors are required to delete your data after their contract ends. These activities may involve cross-border transfers.

5.3 Third-Party Election Management

Your data may be shared with authorised third-party election service providers for conducting elections. Cross-border transfers may occur depending on the service provider.

5.4 Event & Operational Partners

We may share data with event management or operational partners strictly for chapter activities. Deletion undertakings are required at the end of the engagement. We only share data when you provide clear, explicit opt-in consent.

6. Cross-Border Data Transfers

Some activities may involve transferring personal data outside the DIFC.

To ensure protection, we may use:

• DIFC Standard Contractual Clauses (SCCs)
• Adequacy assessments
• Vendor deletion commitments
• Transfer risk assessments

7. Your Rights Under DIFC Law

You have the right to:

• Access your data
• Request corrections
• Withdraw consent at any time
• Object to certain processing
• Request deletion (where applicable)
• Data portability
• File a complaint with the DIFC Commissioner of Data Protection
• Exercise your Private Right of Action under the amended law

To exercise your rights, email [email protected].

8. Withdrawing Consent

You may withdraw consent at any time by:

• Using the withdrawal link included in each consent section
• Emailing [email protected]

After withdrawal, we will stop processing your data for that purpose.

9. Data Retention

We keep your data only as long as necessary for:

• Membership management
• Event and chapter activities
• Legal and regulatory obligations

All third parties are required to delete shared data once the purpose is complete.

10. How We Protect Your Data

We use appropriate technical and organisational measures, including:

• Access controls
• Secure data storage
• Data minimisation
• Vendor confidentiality agreements
• Secure deletion protocols

11. Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for all high-risk processing, such as:

• Behavioural tracking and analytics
• Cross-border transfers
• Sensitive or special category data
• Sharing data with election and sponsorship partners

12. Appointment of Data Protection Officer (DPO)

We appoint a qualified DPO to manage compliance with DIFC law. DPO contact details will be published and regularly updated on this website.

13. Policy Updates

We review and update this Privacy Policy annually, or earlier when:

• New data processing activities begin
• Regulations change
• New technologies or vendors are introduced

The latest version will always be available on this page.

14. Historical Data Disclaimer

DIFC Data Protection Law took effect on 1 October 2020. The ICAI Dubai Chapter is not responsible for historical data sharing prior to 1 March 2021.