Data Protection Statement

RAA Limitedand RAA Auditing of Accounts, together termed as RAA respects data privacy and is committed to protecting the individual and personal data collected through its website, oﬃces, events, and/or provision of services.

This Data Protection Statement, as amended from time to time (the “Data Protection Statement”), explains the manner in which RAA collects, uses, maintains, and discloses personal data obtained through its website and through the provision of its services.

RAA adopts ADGM Data Protection Regulations, which set out similar levels of protection of Personal Data and other requirements and general principles as under the European General Data Protection Regulations (“GDPR”).

RAA, being a Data Controller, ensures that Personal Data processed by RAA is:

Processed fairly, lawfully, and securely.
Processed for speciﬁed, explicit, and legitimate purposes in accordance with the Data Subject’s rights and not further Processed in a way incompatible with those purposes or rights.
Adequate, relevant, and not excessive in relation to the purposes for which they are collected or further Processed.
Accurate and, where necessary, kept up to date; and
Kept in a form that permits identiﬁcation of Data Subjects no longer than is necessary for the purposes for which the Personal Data was collected or further Processed.

RAA has a policy in place in relation to Data Protection and Information Security (“Policy”), which establishes the core concepts and principles for the systematic handling, review, storage, safety, retention, and management of data processed and documents received and/or created by RAA in the course of business, which accordingly forms its records.

RAA maintains systems and controls to retain records of matters and dealings in order to fulﬁl its legal and regulatory obligations with respect to adequacy, access, period of retention, and security of records.

Data Subject:

The Client, the Client’s Employees as may be required per the agreement, the Client’s Directors and Beneﬁcial Owners as may be required for RAA to comply with AML/CFT legislation, the prospective candidates under recruitment process, the user of RAA’s website, any person contacting RAA’s oﬃces/employees, or visiting RAA’s oﬃces or attending webinars or seminars conducted by RAA or its aﬃliates.

Method of Collection of Personal Data:

Provided by the Data Subject (where Personal Data is Processed) or by a Third Party, as applicable, via website enquiry, email, in hard copy, or over a phone conversation. RAA may also collect personal data from public registers, regulatory databases, sanctions lists, company registries, professional directories, adverse media sources and compliance screening providers

Types of Personal Data (including Sensitive Personal Data) to be Processed:

Typically, RAA may process the following Personal Data as part of provision of services including recruitment, accounting, VAT, compliance and authorization support, processing of visas, marketing of its services, sending information about events or publications, discussing proposed services, etc.:

Name
Place and date of birth
Nationality and citizenship
Passport number, dates of issue and expiry, issuing authority/place
Other ids numbers, dates of issue and expiry, issuing authority/place
Address, mobile and other phone numbers, email ids
Religion (if voluntarily mentioned in the cv – this information is not requested by RAA, except for visa processing services)
Bank name and account number (for recruitment services, hiring staﬀ for RAA)
Marital status (for recruitment services, hiring staﬀ for RAA)
Employer, designation, and salary (for recruitment services, hiring staﬀ for RAA)

Processing of Personal Data:

RAA may process personal data for service delivery, client onboarding, AML/CFT/CPF and sanctions compliance, audit/accounting/tax services, regulatory filings, recruitment, marketing, events, legal claims, security and record keeping

RAA processes personal data where necessary for performance of a contract, compliance with legal obligations, legitimate business interests, consent where required, establishment/exercise/defence of legal claims, and regulatory or professional obligation

Personal data may be transferred between RAA entities, service providers, cloud/email providers, professional advisers, banks, authorities and regulators in the UAE, ADGM or other jurisdictions. RAA will apply appropriate safeguards where required by applicable data protection law

RAA retains personal data for as long as necessary for the purposes collected, including to comply with AML/CFT/CPF, audit, tax, accounting, regulatory, legal and professional record-keeping obligations. Retention periods may vary depending on the service and applicable law

RAA may engage third-party processors and service providers, including IT, cloud, compliance screening, payroll, recruitment, event, website and professional support providers, subject to appropriate confidentiality and data protection obligations.

Right to Access and Rectify Personal Data:

A Data Subject (i.e. a person whose Personal Data is being Processed) has the right to approach RAA via email at ask@raa-auditing.com and request a copy of the Data Subject’s Personal Data Processed by RAA, review it, and as necessary, rectify or erase, restrict processing, or object to processing of the Personal Data records as stored by RAA.

Cookies:

We use cookies to analyse how visitors use our website. The table below explains the cookies we use and why.

Cookie	Provider	Purpose	Type	Expiry
`_ga`	Google Analytics	Distinguishes unique users by assigning a randomly generated number. Used to calculate visitor, session, and campaign data.	Analytics	2 years
`_ga_T8S10TZJ67`	Google Analytics	Used by GA4 to persist session state and track pageviews within a session.	Analytics	2 years
`_gid`	Google Analytics	Registers a unique ID used to generate statistical data on how the visitor uses the website.	Analytics	24 hours
`_gat`	Google Analytics	Used to throttle request rate to Google Analytics, limiting data collection on high-traffic sites.	Analytics	1 minute