PRIVACY POLICY

1. Introduction

Winnow Management and Tax Consultant LLC ("Winnow," "we," "our," or "us"), registered and operating in the United Arab Emirates with offices at F2, Al Raas Building, Al Khor Street, Al Ras, Gold Souk, Dubai, UAE, is committed to protecting the privacy and confidentiality of all personal information we collect, process, and store in connection with the delivery of our compliance, tax consultancy, and AML advisory services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.winnowconsultant.ae, engage with our services, or interact with us through any of our communication channels. By accessing our website or using our services, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

This Policy is prepared in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and any applicable regulations issued thereunder, as well as applicable AML/CFT laws and DNFBP regulatory requirements in the UAE.

2. Information We Collect

We may collect the following categories of personal and business information:

3. How We Use Your Information

We use your personal information for the following lawful purposes:

• Service Delivery: Delivering AML compliance advisory, sanction screening, risk assessment, independent review, inspection assistance, grievance filing, tax advisory, and related services you have engaged us for
• Regulatory & Legal Compliance: Fulfilling obligations under UAE AML/CFT laws, DNFBP regulations, CBUAE and other regulatory requirements, including customer due diligence (CDD) and enhanced due diligence (EDD)
• Sanctions & Name Screening: Screening individuals and entities against international sanctions lists, PEP lists, and adverse media databases as required by law and client instruction
• Client Communication & Account Management: Processing and responding to your service enquiries, scheduling consultations, and managing your account
• Billing & Payments: Processing payments and generating invoices for services rendered
• Website & Service Improvement: Improving our website functionality, monitoring usage patterns, and enhancing user experience
• Marketing & Updates: Sending relevant updates on regulatory changes, compliance news, and our services (where you have opted in or where permitted by law)
• Internal Administration: Maintaining internal records, conducting audits, and managing business operations

4. Legal Basis for Processing

Under applicable UAE data protection law, we process your personal data on the following bases:

• Contractual Necessity: Processing is necessary to perform the services you have contracted with us
• Legal Obligation: Processing is required to comply with UAE AML/CFT laws, DNFBP regulations, tax laws, and applicable regulatory obligations
• Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving our business, provided such interests do not override your rights
• Consent: Where required for specific activities such as marketing communications, we rely on your explicit consent, which you may withdraw at any time

5. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

• Service Providers: Trusted third-party service providers who assist in delivering our services (e.g., cloud hosting, payment processing, IT support), bound by strict confidentiality and data protection obligations
• Regulatory Authorities: UAE regulatory and supervisory authorities (including CBUAE, Ministry of Economy, and law enforcement) where legally required or in response to lawful requests
• Screening Database Providers: Providers of international sanctions watchlists, PEP databases, and adverse media databases integrated into our Sanction Screening Tool
• Professional Advisors: Other professional advisors (legal, financial, or audit) engaged in the course of our business operations, subject to confidentiality obligations
• Business Transfers: A successor entity in the event of a merger, acquisition, or transfer of business assets, subject to equivalent privacy protections

Any cross-border transfer of personal data, where applicable, will be conducted in accordance with the UAE PDPL and applicable international data transfer safeguards.

6. Data Retention

We retain personal information for as long as necessary to fulfil the purposes outlined in this Policy and to comply with our legal and regulatory obligations. Specifically:

• Client data related to AML compliance and KYC is retained for a minimum of five (5) years from the end of the business relationship, as required under UAE AML/CFT regulations
• Website usage data and enquiry records are retained for a period of up to two (2) years
• Financial and billing records are retained in accordance with UAE commercial and tax law requirements

Upon expiry of the applicable retention period, your personal information will be securely deleted or anonymised in accordance with our data disposal procedures.

7. Cookies and Tracking Technologies

Our website www.winnowconsultant.ae may use cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and improve our services. Cookies are small data files stored on your device.

We may use the following types of cookies:

• Essential Cookies: Essential for website functionality, login sessions, and security
• Analytics Cookies: Help us understand how visitors interact with our website (e.g., pages visited, time on site)
• Preference Cookies: Remember your preferences and settings for a better experience

You may control or disable cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website. By continuing to use our website, you consent to the use of cookies as described in this Policy.

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

• Encryption of data in transit and at rest using industry-standard protocols
• Access controls and role-based permissions to limit data access to authorised personnel only
• Regular security assessments and staff training on data protection best practices
• Secure data storage and multi-user access controls through our compliance software platform

While we take all reasonable precautions to safeguard your data, no method of electronic transmission or storage is completely secure. We encourage you to use caution when sharing sensitive information online.

9. Your Data Protection Rights

Subject to applicable UAE law and regulatory limitations (including those applicable to AML/CFT compliance obligations), you have the following rights with respect to your personal data:

• Right of Access: The right to request confirmation of whether we hold personal data about you and to obtain a copy
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data
• Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations
• Right to Restriction: The right to request that we limit processing of your data in certain circumstances
• Right to Data Portability: The right to receive your personal data in a structured, machine-readable format where technically feasible
• Right to Object: The right to object to processing of your data for marketing purposes at any time
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at frontdesk@winnowuae.com. We will respond to your request within a reasonable timeframe in accordance with applicable law. We may require verification of your identity before processing your request.

10. Children's Privacy

Our website and services are directed exclusively to businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately and we will take prompt steps to delete it.

11. Third-Party Websites and Links

Our website may contain links to external websites, partner portals, or regulatory authority websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party website you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the 'Last Updated' date at the top of this Policy and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us through any of the following channels:

• Company: Winnow Management and Tax Consultant LLC
• Address: F2, Al Raas Building, Al Khor Street, Al Ras, Gold Souk, Dubai, UAE
• Email: frontdesk@winnowuae.com
• Phone: +971 4 395 5060 | +971 52 67 94 027 | +971 52 67 69 599
• Website: www.winnowconsultant.ae