Part A: Privacy Notice for Website Visitors
This Part applies to your use of https://bestaxca.com and any related sub-domains, landing pages, online tools such as calculators, and forms together, our “Website”.
This Privacy Policy explains how Bestax Chartered Accountants collects, uses, shares, stores, and protects personal data for website visitors, clients, prospective clients, job applicants, and other individuals who interact with us.
Bestax Chartered Accountants “Bestax”, “BestaxCA”, “we”, “our” or “us” is committed to protecting your privacy and handling your personal data responsibly, lawfully and transparently.
This Privacy Policy is designed to comply with the UAE Personal Data Protection Law, the EU GDPR and UK GDPR where applicable, and our obligations as a regulated accountancy, tax and advisory firm.
For anyone who browses our website, fills in a form, uses online tools, subscribes to updates, or otherwise interacts with us online.
For individuals connected to businesses or persons who engage us, or are considering engaging us, for professional services.
For the purposes of applicable data protection law, the data controller is Bestax Chartered Accountants, Office 601, Damac Executive Bay Tower B, Al A’amal Street, Business Bay, Dubai, United Arab Emirates.
Email: info@bestaxca.com
Phone: +971 4 585 3215 / +971 56 798 1808
Hours: Monday to Saturday, 09:00–20:00 GST
This Part applies to your use of https://bestaxca.com and any related sub-domains, landing pages, online tools such as calculators, and forms together, our “Website”.
Information you give us. When you complete a contact or enquiry form, request a consultation or quote, subscribe to our newsletter, use one of our online tools, or otherwise communicate with us, you may provide:
Information we collect automatically. When you visit our Website, our service providers and we may automatically collect technical and usage data, including your IP address, approximate location, browser type and settings, device information, operating system, the pages you view, the dates and times of your visits, and the website that referred you to us.
We do not intentionally collect sensitive personal data through the Website. Please do not submit sensitive information through web forms.
A cookie is a small text file placed on your device when you visit our Website. We use cookies and similar technologies to make the Website function, remember your preferences, measure traffic, and understand how the Website is used.
Strictly necessary cookies are required for the Website to operate and do not require your consent. Analytics, functional and marketing cookies are used only where you have given consent through our cookie banner, or where applicable law otherwise permits.
You can manage or withdraw your consent at any time through our cookie settings, and you can block or delete cookies through your browser settings. Disabling some cookies may affect how the Website works.
We use website data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| Respond to your enquiries and provide requested information or quotes. | Steps taken at your request prior to a contract; our legitimate interests. |
| Operate, maintain, secure and improve the Website and our online tools. | Our legitimate interests; legal obligation for security. |
| Send newsletters, offers and marketing where you have opted in. | Your consent. |
| Analyse traffic and usage to improve user experience. | Consent for non-essential analytics; legitimate interests. |
| Detect, prevent and investigate fraud, misuse and security incidents. | Legitimate interests; legal obligation. |
| Comply with applicable laws and respond to lawful requests. | Legal obligation. |
Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal. Where we rely on legitimate interests, you may object as described under “Your Rights”.
We do not sell, rent or trade your personal data. We never share your phone number or SMS-consent information with third parties for their own marketing.
We may share website data with service providers, professional advisers, authorities where required by law, and a successor entity in connection with a merger, acquisition, restructuring or sale of assets.
Our Website may contain links to, or sharing buttons for, third-party websites and social-media platforms. We are not responsible for their privacy practices. Please review the privacy notice of any third-party site before providing personal data to it.
We are based in the UAE and may use service providers located in other countries. Where we transfer your data outside the UAE, or outside the EEA/UK for individuals protected by GDPR/UK GDPR, we do so only where a lawful transfer mechanism is in place.
We keep enquiry and contact data for as long as needed to deal with your enquiry and for a reasonable period afterwards in case of follow-up. Marketing data is kept until you unsubscribe or withdraw consent. Technical and analytics data is generally retained for shorter periods.
We use appropriate technical and organisational measures to protect website data against unauthorised access, loss or misuse. However, no transmission over the internet can be guaranteed to be completely secure.
This Part applies when you engage us, or consider engaging us, for professional services including accounting and bookkeeping, payroll, VAT, corporate tax, audit and assurance, AML compliance, company formation, business setup, and related advisory services.
It also applies to individuals connected with our corporate clients, including directors, shareholders, ultimate beneficial owners, authorised signatories, employees, and representatives.
Depending on the Services, we may collect and process:
Some data may be sensitive or fall within special categories under data protection law. We only process such data where the law allows and apply additional safeguards.
We collect personal data directly from you or your representatives, from your colleagues, group companies and advisers, and from third-party or public sources such as government registers, authorities, screening databases, fraud-prevention agencies, media and online sources.
| Purpose | Lawful Basis |
|---|---|
| Assess and onboard you, and decide whether to accept the engagement. | Steps prior to a contract; legitimate interests. |
| Provide the Services and perform our engagement contract. | Performance of a contract. |
| Carry out client due diligence, KYC and ongoing monitoring. | Legal obligation under AML/CFT requirements. |
| File regulatory returns and reports such as VAT, corporate tax, UBO and AML reports. | Legal obligation. |
| Verify identity and prevent fraud, money laundering and financial crime. | Legal obligation; legitimate interests. |
| Manage our relationship, billing, and internal administration. | Performance of a contract; legitimate interests. |
| Maintain records and quality, and improve our Services. | Legitimate interests; legal obligation. |
| Establish, exercise or defend legal claims. | Legitimate interests; legal obligation. |
| Send relevant service updates and, where permitted, marketing. | Legitimate interests; consent for marketing. |
As a provider of accounting, audit and tax services, Bestax is a Designated Non-Financial Business and Profession “DNFBP” and is subject to the UAE’s AML/CFT regime, including Federal Decree-Law No. 20 of 2018 and its implementing regulations.
These legal duties can override certain data-protection rights, including deletion or objection rights where retention is legally mandated.
We treat your data as confidential and do not sell it. We may share it with regulators and authorities, service providers and sub-processors, professional advisers, third parties at your request, and a successor or prospective successor in connection with a corporate transaction.
We may transfer your data to recipients outside the UAE, and for individuals protected by GDPR/UK GDPR, outside the EEA/UK. We do so only where a lawful basis and appropriate safeguards are in place.
We retain client data for as long as needed to provide the Services and thereafter for periods required by law and to protect our legal interests. AML and certain financial records are retained for at least five years after the end of the relationship or transaction.
We apply appropriate technical and organisational security measures, including access controls, encryption where appropriate, and staff confidentiality obligations. All Bestax personnel are bound by professional duties of confidentiality.
Where permitted, we may send you information about our Services that we think will be relevant to you. You can opt out at any time using the unsubscribe link in our emails or by contacting us.
If you apply for a role with us, we process the personal data in your application, such as your CV, contact details, work history, qualifications and references, to assess your suitability, communicate with you, and manage our recruitment process.
Our lawful bases are taking steps prior to a possible employment contract and our legitimate interests in recruitment, and a legal obligation where right-to-work or similar checks apply.
We keep applicant data for the recruitment process and for a reasonable period afterwards, unless you ask us to remove it earlier or we are required to keep it.
Subject to applicable law and the legal limits described in this Policy, you may have the right to:
These rights are not absolute and may be limited where we have an overriding legal obligation, such as AML record-keeping, or another lawful ground to continue processing.
Send your request to info@bestaxca.com, telling us which right you wish to exercise and providing enough information for us to identify you. We may ask for proof of identity to protect your data.
We will not charge a fee except where permitted by law, for example, for manifestly unfounded or excessive requests.
Our Website and Services are intended for businesses and adults. We do not knowingly collect personal data directly from children. If you believe a child has provided us data without authority, please contact us so we can address it.
We may update this Policy from time to time to reflect changes in our practices or the law. The current version, with its “Last updated” date, will always be available on our Website. Material changes will be highlighted where appropriate.
For any question about this Policy or your personal data, or to exercise your rights, contact:
We hope to resolve any concern you raise directly with us. If you are not satisfied, you may contact the relevant supervisory authority in the UAE, the UAE Data Office or, if you are protected by the GDPR/UK GDPR, the data protection authority in your country.
This Policy is governed by the laws of the United Arab Emirates, without prejudice to any mandatory data-protection rights you may have under the laws of your own country.
This Privacy Policy is provided for general informational purposes and should be reviewed by qualified legal counsel before publication, especially where GDPR, UK GDPR, UAE PDPL, AML, tax, and international transfer obligations apply.