1. Introduction

ICAI Dubai Chapter NPIO (“ICAI Dubai Chapter”, “we”, “our”) is committed to protecting your personal data and ensuring transparency in how we collect, use, store, share, and safeguard your information. This Privacy Policy complies with the DIFC Data Protection Law, Law No. 5 of 2020.

2. Information We Collect

We may collect the following personal data:

• Name and ICAI membership details
• Contact information (email, phone number, mailing address)
• Event registrations, attendance, and participation history
• Payment and invoicing details for paid events
• Survey responses, preferences, and information voluntarily shared by you

3. How We Use Your Data

Your information is used to:

• Communicating chapter updates, newsletters, and notices
• Managing member records and engagement
• Organising events, conferences, and CSR activities
• Conducting Managing Committee elections
• Fulfilling DIFC regulatory and legal obligations

Each purpose is supported by a lawful basis such as explicit consent, contractual necessity, legal obligation, or legitimate interest, depending on the activity.

4. Consent for Storing Your Information

We do not use default or pre-selected consent options.

Your information is stored only when you actively provide explicit consent, through:

• Our online consent form (containing clear opt-in choices), or
• Email confirmation sent to [email protected]

If consent is not provided, we may not be able to send chapter updates or notifications.

5. Consent for Processing and Sharing Your Data

We only process or share your data when you actively opt in.
We do not use pre-ticked boxes, implied consent, or default acceptance mechanisms.

5.1 Election Candidates

If you give explicit consent, your contact information may be shared with Managing Committee election contestants for election-related communication. Contestants must delete this information once the election is completed.

5.2 Sponsors

With explicit opt-in consent, we may share your information with chapter sponsors so they may contact you regarding:

• Relevant products or services
• Promotional offers or marketing communications

Sponsors must delete your information after their contract ends. Some sponsors may process data outside the DIFC.

5.3 Third-Party Election Providers

If you opt in, your information may be shared with authorised third-party election service providers for conducting elections. This may involve cross-border data transfers.

5.4 Event & Operational Partners

With explicit consent, we may share limited information with event management or operational partners solely for chapter activities. All partners must delete your data at the end of their engagement.

6. Cookies and Tracking Technologies (Opt-In Only)

Non-essential cookies (analytics, tracking, marketing) are not activated by default.

• Users must actively opt in through the cookie banner.
• Only strictly necessary cookies load before consent.
• You may change or withdraw cookie preferences at any time.

This ensures compliance with DIFC’s requirement to remove default consent settings.

7. Cross-Border Data Transfers

Some activities may require transferring personal data outside the DIFC.

To ensure protection, we may use:

• DIFC Standard Contractual Clauses (SCCs)
• Adequacy and transfer risk assessments
• Vendor deletion commitments

Cross-border transfers occur only when necessary and with appropriate safeguards.

8. Your Rights Under DIFC Law

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Withdraw consent at any time
• Object to certain processing activities
• Request deletion of your data (where applicable)
• Request data portability
• File a complaint with the DIFC Commissioner of Data Protection
• Exercise your Private Right of Action under the amended law

To exercise your rights, contact [email protected]

9. Withdrawing Consent

You may withdraw consent at any time by:

• Using the withdrawal option on our website, or
• Emailing [email protected]

Once withdrawn, we will immediately stop processing your data for that specific purpose.

10. Data Retention

We retain your personal data only for as long as necessary for:

• Membership management
• Event-related functions
• Legal and regulatory compliance

All third parties are required to delete your data once their purpose is fulfilled.

11. How We Protect Your Data

We use appropriate technical and organisational measures such as:

• Secure servers and encryption
• Access controls and data minimisation
• Confidentiality agreements with partners
• Strict deletion protocols

12. Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for activities that may pose higher risks, including:

• Behavioural analytics or tracking
• Cross-border transfers
• Processing sensitive or special category data
• Election and sponsorship-related data sharing

13. Data Protection Officer (DPO)

We have appointed a qualified Data Protection Officer responsible for ensuring compliance with DIFC law.

DPO Contact:
📧 [email protected]

14. Policy Updates

This Privacy Policy is reviewed and updated annually, or sooner if:

• Our processing activities change
• Regulations are updated
• New technologies or vendors are introduced

The most recent version will always be available on our website.

15. Historical Data Disclaimer

DIFC Data Protection Law took effect on 1 October 2020. ICAI Dubai Chapter is not responsible for data-sharing activities conducted prior to 1 March 2021.