Data Privacy Statement

Global Stepia FZE LLC ("Global Stepia", "we", "our", or "us") is a business consultancy registered and operating in the Sharjah Publishing City Free Zone (SPC Free Zone), United Arab Emirates. We operate the website www.globalstepia.com (the "Website") and provide cross-border advisory services including immigration advisory, corporate structuring, compliance, M&A advisory, and real estate services.

We are committed to protecting the personal data of our clients, website visitors, and business contacts. This Data Privacy Statement explains how we collect, use, store, and protect personal data in connection with our Website and services.

Regulatory Status: Global Stepia FZE LLC is a business consultancy. Our services do not constitute regulated legal advice or regulated financial advisory services. We recommend that clients seek independent legal and financial counsel where required by applicable law.

We may collect the following categories of personal data:

• Identity data: full name, title, date of birth, nationality, passport or ID information (where required for service delivery)
• Contact data: email address, telephone number, postal address
• Professional data: company name, job title, professional background
• Financial data: information relevant to investment eligibility, income levels, and asset declarations (for relevant service enquiries only)
• Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and other technology used to access our Website
• Usage data: information about how you use our Website, products, and services
• Marketing and communications data: your preferences in receiving marketing from us and your communication preferences
• Correspondence data: any information you provide in emails, contact forms, or communications with us

We collect personal data through the following means:

• Direct interactions: when you complete forms on our Website, correspond with us by email or telephone, or provide data in the course of receiving our services
• Automated technologies: as you interact with our Website, we may automatically collect technical and usage data through cookies, server logs, and similar technologies
• Third parties: we may receive personal data from publicly available sources, business referrals, or professional networking platforms such as LinkedIn

We use personal data for the following purposes:

• To respond to enquiries submitted through our contact form or by email
• To provide, manage, and improve the advisory services we deliver to clients
• To conduct due diligence and KYC/AML checks as required by applicable law
• To send our newsletter and insights publications to subscribers (where you have provided consent)
• To operate, maintain, and improve our Website
• To comply with legal and regulatory obligations
• To enforce our terms of service and protect our legal rights
• To communicate with you about changes to our services or policies

We process personal data on the following legal bases under applicable data protection law:

• Consent: where you have provided explicit consent, for example when subscribing to our newsletter or agreeing to cookies
• Contract performance: where processing is necessary to provide services you have requested or to take pre-contractual steps
• Legal obligation: where processing is necessary to comply with UAE law, anti-money laundering regulations, or other applicable legal requirements
• Legitimate interests: where we have a legitimate interest in processing personal data, such as improving our Website, managing business relationships, and preventing fraud

We do not sell personal data. We may share personal data with:

• Service providers who assist us in operating our Website and delivering services (including IT infrastructure, email delivery, and analytics providers), who are bound by confidentiality obligations
• Professional advisors including lawyers, accountants, and auditors, under confidentiality obligations
• Regulatory authorities, government bodies, and law enforcement where required by applicable law
• Partner advisory firms and legal professionals in relevant jurisdictions where required to deliver client services, with client consent

Given our global operations, personal data may be transferred to and processed in countries outside the United Arab Emirates. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries with adequate data protection standards as recognised by the relevant authority
• Use of standard contractual clauses or equivalent mechanisms where required
• Obtaining client consent for specific international transfers where applicable

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), access controls, and regular security reviews of our systems and processes.

However, no internet transmission or electronic storage method is entirely secure. While we take all reasonable steps to protect your personal data, we cannot guarantee absolute security.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and in accordance with applicable legal and regulatory retention requirements. Specific retention periods include:

• Client data: retained for the duration of the client relationship and for a minimum of five years thereafter, as required by UAE anti-money laundering regulations
• Contact form enquiries: retained for up to two years from the date of submission
• Newsletter subscriber data: retained until you unsubscribe
• Website usage data: retained for a maximum of 26 months

Our Website uses cookies to enhance your browsing experience and support website functionality. For full details of the cookies we use, please refer to our Cookie Policy.

We may send you newsletter content, insights, and market updates if you have subscribed to our mailing list. You may unsubscribe at any time by clicking the unsubscribe link in any email, or by contacting us at info@globalstepia.com.

We do not engage in unsolicited direct marketing to individuals who have not consented to receive such communications.

Subject to applicable law, you may have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you
• Right to rectification: to request correction of inaccurate or incomplete personal data
• Right to erasure: to request deletion of personal data in certain circumstances
• Right to restriction: to request that we limit the processing of your personal data in certain circumstances
• Right to data portability: to receive your personal data in a structured, commonly used format
• Right to object: to object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: to withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@globalstepia.com. We will respond to your request within 30 days.

Our Website may contain links to third-party websites and services. This Privacy Statement does not apply to those external sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

Our Website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

All personal and commercial information shared with Global Stepia in the course of an advisory engagement is treated as strictly confidential. Our team members are bound by confidentiality obligations, and we do not disclose client information to third parties except as described in this Privacy Statement or as required by law.

We may update this Data Privacy Statement from time to time to reflect changes in our practices, technology, or applicable law. The effective date at the top of this document indicates when it was last updated. Where changes are material, we will notify users via a prominent notice on our Website.

If you have any questions about this Privacy Statement, or wish to exercise your data rights, please contact us: