MERRITT MIDDLE EAST DMCC
PRIVACY POLICY
Last updated: April 2026
| About this Policy This Privacy Policy explains how Merritt Middle East DMCC (« Merritt », « we », « us », « our ») collects, uses, stores, shares and protects your personal data when you visit our website (merritt.ae) or engage with our services. It also explains your rights under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (« UAE PDPL ») and how to exercise them.
Who we are Merritt Middle East DMCC is incorporated in the DMCC Free Zone, Dubai, United Arab Emirates (DMCC Licence No. DMCC-102537). Registered office: Office No. 1005, 10th Floor, Goldcrest Executive Tower, Cluster C, Jumeirah Lakes Towers, Dubai, UAE. All corporate services are provided by Merritt Middle East DMCC. All legal services are provided by Merritt Legal Consultants FZ LLC. |
1. Information We Collect
1.1 Information you provide directly When you contact us, request a quotation, or use our services, we may collect personally identifiable information including your name, email address, telephone number, postal address, and any other information you choose to provide through our contact or quotation forms.
1.2 Information collected automatically When you visit our website, we automatically collect certain technical information, including your IP address, browser type, operating system, referring website addresses, pages visited, and access times. This information is used to operate and improve our website and services.
1.3 Sensitive personal data In the course of providing our corporate, legal, and compliance services, we may collect sensitive personal data (such as passport copies, proof of address, and KYC documentation). Such data is collected solely to the extent required by applicable law (including UAE AML obligations under Federal Decree-Law No. 20 of 2018) and is handled with the highest standard of care.
2. Legal Basis for Processing
Merritt processes your personal data only where it has a lawful basis to do so under the UAE PDPL. The legal bases we rely upon are:
- Consent: where you have given us your explicit consent to process your data for a specific purpose (e.g. marketing communications). You may withdraw your consent at any time.
- Contractual necessity: where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
- Legal obligation: where processing is necessary to comply with a legal obligation applicable to Merritt, including anti-money laundering, KYC, and regulatory reporting requirements.
- Legitimate interests: where processing is necessary for Merritt’s legitimate interests (such as improving our services, ensuring network and information security), provided those interests are not overridden by your rights and freedoms.
3. How We Use Your Information
We use the personal data we collect for the following purposes:
- To provide and administer our corporate, legal, and advisory services to you
- To respond to your enquiries and process your requests
- To comply with applicable legal and regulatory obligations (including AML/KYC requirements)
- To operate, maintain, and improve our website
- To send you service-related communications (e.g. invoices, renewal notices)
- To send you marketing communications about our services — only where you have given your prior consent, and you may opt out at any time
- To conduct statistical analysis and improve our service offering
4. Marketing Communications
Merritt will only contact you for marketing purposes where you have given your prior consent in accordance with the UAE Consumer Protection Law (Federal Law No. 15 of 2020). You may withdraw your consent to receive marketing communications at any time by:
- Clicking the unsubscribe link in any marketing email we send you
- Contacting us directly at support@merritt.group
Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
5. Sharing Your Information
Merritt does not sell, rent, or lease your personal data to third parties. We may share your personal data in the following limited circumstances:
- Service providers: We may share your data with trusted third-party service providers who assist us in operating our website and delivering our services (e.g. IT providers, analytics providers, postal and courier services). All such providers are contractually bound to maintain the confidentiality of your data and to use it only for the purposes for which it was disclosed.
- Legal and regulatory authorities: We may disclose your personal data to competent authorities where required to do so by law, court order, or regulatory requirement. Where reasonably practicable and legally permissible, we will notify you of any such disclosure.
- Merritt Network: Your data may be shared with other companies within the Merritt Network for the purposes of providing the services you have requested. All Merritt Network entities are bound by equivalent data protection standards.
- Professional advisers: We may share your data with lawyers, accountants, auditors, and insurers where necessary in connection with the provision of our services.
We do not share your personal data with third parties for their own independent marketing purposes without your explicit consent.
6. International Transfers of Personal Data
As Merritt operates internationally and is part of the Merritt Network, your personal data may be transferred to, and processed in, countries outside the United Arab Emirates. Any such transfer will be carried out in compliance with the UAE PDPL, and only where:
- The destination country offers an adequate level of data protection as recognised by the UAE Data Office; or
- Appropriate safeguards are in place, such as contractual clauses approved by the UAE Data Office; or
- The transfer is necessary for the performance of a contract between you and Merritt.
You may request details of the safeguards applicable to any such transfer by contacting us at support@merritt.group.
7. Data Retention
Merritt retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable UAE law and regulation. In particular:
- Client data and KYC documentation is retained for a minimum of five (5) years following the end of the business relationship, in accordance with UAE AML obligations (Federal Decree-Law No. 20 of 2018 and its implementing regulations)
- Website usage data and analytics are retained for a maximum of five (5) years
- Marketing consent records are retained for the duration of the consent and for three (3) years thereafter
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with industry best practices.
8. Security of Your Personal Data
Merritt implements appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. These measures include access controls, data encryption, regular security assessments, and staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Merritt will notify the UAE Data Office and, where required by the UAE PDPL, affected individuals, within the timeframes prescribed by applicable law.
Please note that no method of electronic transmission or storage is 100% secure. While Merritt takes all reasonable steps to protect your data, we cannot guarantee absolute security.
9. Cookies
Our website uses cookies to enhance your browsing experience. A cookie is a small text file placed on your device by a web server. Cookies cannot be used to run programmes or deliver viruses to your computer.
We use the following categories of cookies:
- Strictly necessary cookies: Essential for the operation of our website. These cannot be disabled.
- Analytical / performance cookies: Allow us to recognise and count visitors and understand how they navigate our website, helping us improve its performance.
- Functionality cookies: Enable us to personalise your experience when you return to our website.
- Targeting / advertising cookies: Record your visit to our website and the pages you have visited. This information may be used to make our website and advertising more relevant to your interests.
By continuing to use our website, you consent to our use of cookies. You may withdraw your consent at any time by adjusting your browser settings to decline cookies. Please note that disabling certain cookies may affect the functionality of our website. For further information on how to manage cookies, please refer to your browser’s help documentation.
10. Your Rights Under the UAE PDPL
Under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, you have the following rights with respect to your personal data:
| Right | What it means |
| Right of Access | You may request a copy of the personal data we hold about you. |
| Right to Rectification | You may request that we correct inaccurate or incomplete personal data. |
| Right to Erasure | You may request that we delete your personal data, subject to our legal retention obligations. |
| Right to Restriction | You may request that we restrict the processing of your personal data in certain circumstances. |
| Right to Data Portability | You may request that we provide your personal data in a structured, commonly used, machine-readable format. |
| Right to Object | You may object to the processing of your personal data for direct marketing purposes at any time. |
| Right to Withdraw Consent | Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. |
To exercise any of the above rights, please submit a written request to support@merritt.group. Merritt will acknowledge receipt of your request within twenty (20) business days and respond within thirty (30) days. We may ask you to verify your identity before processing your request.
11. Third-Party Websites
Our website may contain links to third-party websites. Merritt has no control over the content, privacy practices, or security of such websites and is not responsible for their privacy statements. We encourage you to review the privacy policy of any website you visit.
12. Changes to this Privacy Policy
Merritt may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory requirements. We will notify you of any material changes by posting a prominent notice on our website. The date of the most recent revision is displayed at the top of this page.
Continued use of our website following notification of changes constitutes your acceptance of the revised Privacy Policy.
13. Contact Us & Supervisory Authority
If you have any questions about this Privacy Policy, wish to exercise your rights, or believe that Merritt has not complied with this Policy, please contact us:
| Data Protection Contact | Merritt Middle East DMCC
Email: support@merritt.group Address: Office No. 1005, 10th Floor, Goldcrest Executive Tower, Cluster C, Jumeirah Lakes Towers, Dubai, UAE Phone: +971 4 422 1345 | WhatsApp: +971 52 557 3356 |
Merritt Middle East DMCC | Merritt Legal Consultants FZ LLC
merritt.ae | support@merritt.group | +971 4 422 1345
Compliant with UAE Federal Decree-Law No. 45 of 2021 (PDPL) | April 2026