Bestaxca logo

Get Quote

Privacy Policy

Privacy Policy for Bestax Chartered Accountants

This Privacy Policy explains how Bestax Chartered Accountants collects, uses, shares, stores, and protects personal data for website visitors, clients, prospective clients, job applicants, and other individuals who interact with us.

Last Updated: 17 June 2026

Introduction

Bestax Chartered Accountants “Bestax”, “BestaxCA”, “we”, “our” or “us” is committed to protecting your privacy and handling your personal data responsibly, lawfully and transparently.

This Privacy Policy is designed to comply with the UAE Personal Data Protection Law, the EU GDPR and UK GDPR where applicable, and our obligations as a regulated accountancy, tax and advisory firm.

Part A: Website Visitors

For anyone who browses our website, fills in a form, uses online tools, subscribes to updates, or otherwise interacts with us online.

Part B: Clients and Prospective Clients

For individuals connected to businesses or persons who engage us, or are considering engaging us, for professional services.

Who We Are - Data Controller

For the purposes of applicable data protection law, the data controller is Bestax Chartered Accountants, Office 601, Damac Executive Bay Tower B, Al A’amal Street, Business Bay, Dubai, United Arab Emirates.

Email: info@bestaxca.com
Phone: +971 4 585 3215 / +971 56 798 1808
Hours: Monday to Saturday, 09:00–20:00 GST

Part A: Privacy Notice for Website Visitors

Part A: Privacy Notice for Website Visitors

This Part applies to your use of https://bestaxca.com and any related sub-domains, landing pages, online tools such as calculators, and forms together, our “Website”.

A1. Information We Collect

Information you give us. When you complete a contact or enquiry form, request a consultation or quote, subscribe to our newsletter, use one of our online tools, or otherwise communicate with us, you may provide:

  • Your name.
  • Your email address.
  • Your telephone number.
  • Your company or business name and details.
  • The nature of your enquiry or the service you are interested in.
  • Any other information you choose to include in your message.

Information we collect automatically. When you visit our Website, our service providers and we may automatically collect technical and usage data, including your IP address, approximate location, browser type and settings, device information, operating system, the pages you view, the dates and times of your visits, and the website that referred you to us.

We do not intentionally collect sensitive personal data through the Website. Please do not submit sensitive information through web forms.

A2. Cookies and Tracking Technologies

A cookie is a small text file placed on your device when you visit our Website. We use cookies and similar technologies to make the Website function, remember your preferences, measure traffic, and understand how the Website is used.

Strictly necessary cookies are required for the Website to operate and do not require your consent. Analytics, functional and marketing cookies are used only where you have given consent through our cookie banner, or where applicable law otherwise permits.

You can manage or withdraw your consent at any time through our cookie settings, and you can block or delete cookies through your browser settings. Disabling some cookies may affect how the Website works.

A3. How We Use Your Information and Our Lawful Bases

We use website data for the following purposes:

PurposeLawful Basis
Respond to your enquiries and provide requested information or quotes.Steps taken at your request prior to a contract; our legitimate interests.
Operate, maintain, secure and improve the Website and our online tools.Our legitimate interests; legal obligation for security.
Send newsletters, offers and marketing where you have opted in.Your consent.
Analyse traffic and usage to improve user experience.Consent for non-essential analytics; legitimate interests.
Detect, prevent and investigate fraud, misuse and security incidents.Legitimate interests; legal obligation.
Comply with applicable laws and respond to lawful requests.Legal obligation.
Swipe the table on mobile to view all columns.

Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal. Where we rely on legitimate interests, you may object as described under “Your Rights”.

A4. Sharing Your Information

We do not sell, rent or trade your personal data. We never share your phone number or SMS-consent information with third parties for their own marketing.

We may share website data with service providers, professional advisers, authorities where required by law, and a successor entity in connection with a merger, acquisition, restructuring or sale of assets.

A5. Links to Other Websites and Social Media

Our Website may contain links to, or sharing buttons for, third-party websites and social-media platforms. We are not responsible for their privacy practices. Please review the privacy notice of any third-party site before providing personal data to it.

A6. International Transfers

We are based in the UAE and may use service providers located in other countries. Where we transfer your data outside the UAE, or outside the EEA/UK for individuals protected by GDPR/UK GDPR, we do so only where a lawful transfer mechanism is in place.

A7. How Long We Keep Website Data

We keep enquiry and contact data for as long as needed to deal with your enquiry and for a reasonable period afterwards in case of follow-up. Marketing data is kept until you unsubscribe or withdraw consent. Technical and analytics data is generally retained for shorter periods.

A8. Security

We use appropriate technical and organisational measures to protect website data against unauthorised access, loss or misuse. However, no transmission over the internet can be guaranteed to be completely secure.

Part B: Privacy Notice for Clients and Prospective Clients

Part B: Privacy Notice for Clients and Prospective Clients

This Part applies when you engage us, or consider engaging us, for professional services including accounting and bookkeeping, payroll, VAT, corporate tax, audit and assurance, AML compliance, company formation, business setup, and related advisory services.

It also applies to individuals connected with our corporate clients, including directors, shareholders, ultimate beneficial owners, authorised signatories, employees, and representatives.

B1. Personal Data We Collect

Depending on the Services, we may collect and process:

  • Identity and contact data, including name, nationality, photograph, address, email, telephone number, job title and employer.
  • Identification and verification documents, including passport, Emirates ID, visa and residency documents, trade licence and corporate documents.
  • Ownership and control data, including shareholding, directorship and ultimate-beneficial-ownership information.
  • Financial and transactional data, including bank details, financial statements, ledgers, invoices, payroll information, TRN, VAT and corporate-tax data.
  • Engagement and correspondence data, including instructions, communications and service records.
  • Compliance and screening data, including sanctions, PEP, adverse-media, background screening and public register information.

Some data may be sensitive or fall within special categories under data protection law. We only process such data where the law allows and apply additional safeguards.

B2. Where We Obtain Your Data

We collect personal data directly from you or your representatives, from your colleagues, group companies and advisers, and from third-party or public sources such as government registers, authorities, screening databases, fraud-prevention agencies, media and online sources.

B3. How We Use Your Data and Our Lawful Bases

PurposeLawful Basis
Assess and onboard you, and decide whether to accept the engagement.Steps prior to a contract; legitimate interests.
Provide the Services and perform our engagement contract.Performance of a contract.
Carry out client due diligence, KYC and ongoing monitoring.Legal obligation under AML/CFT requirements.
File regulatory returns and reports such as VAT, corporate tax, UBO and AML reports.Legal obligation.
Verify identity and prevent fraud, money laundering and financial crime.Legal obligation; legitimate interests.
Manage our relationship, billing, and internal administration.Performance of a contract; legitimate interests.
Maintain records and quality, and improve our Services.Legitimate interests; legal obligation.
Establish, exercise or defend legal claims.Legitimate interests; legal obligation.
Send relevant service updates and, where permitted, marketing.Legitimate interests; consent for marketing.
Swipe the table on mobile to view all columns.

B4. Anti-Money-Laundering and Other Regulatory Obligations

As a provider of accounting, audit and tax services, Bestax is a Designated Non-Financial Business and Profession “DNFBP” and is subject to the UAE’s AML/CFT regime, including Federal Decree-Law No. 20 of 2018 and its implementing regulations.

  • We are legally required to collect and verify identification documents and beneficial-ownership information before and during the engagement.
  • We are legally required to retain certain records for minimum periods, generally at least five years and longer in some cases.
  • We may be required to report suspicious activity to the UAE Financial Intelligence Unit through the goAML system or to other competent authorities.
  • Where a report is made, the law may prohibit us from informing you, also known as “tipping off”.

These legal duties can override certain data-protection rights, including deletion or objection rights where retention is legally mandated.

B5. Sharing Your Data

We treat your data as confidential and do not sell it. We may share it with regulators and authorities, service providers and sub-processors, professional advisers, third parties at your request, and a successor or prospective successor in connection with a corporate transaction.

B6. International Transfers

We may transfer your data to recipients outside the UAE, and for individuals protected by GDPR/UK GDPR, outside the EEA/UK. We do so only where a lawful basis and appropriate safeguards are in place.

B7. How Long We Keep Your Data

We retain client data for as long as needed to provide the Services and thereafter for periods required by law and to protect our legal interests. AML and certain financial records are retained for at least five years after the end of the relationship or transaction.

B8. Security and Confidentiality

We apply appropriate technical and organisational security measures, including access controls, encryption where appropriate, and staff confidentiality obligations. All Bestax personnel are bound by professional duties of confidentiality.

B9. Marketing

Where permitted, we may send you information about our Services that we think will be relevant to you. You can opt out at any time using the unsubscribe link in our emails or by contacting us.

Job Applicants

Job Applicants

If you apply for a role with us, we process the personal data in your application, such as your CV, contact details, work history, qualifications and references, to assess your suitability, communicate with you, and manage our recruitment process.

Our lawful bases are taking steps prior to a possible employment contract and our legitimate interests in recruitment, and a legal obligation where right-to-work or similar checks apply.

We keep applicant data for the recruitment process and for a reasonable period afterwards, unless you ask us to remove it earlier or we are required to keep it.

General Terms Applicable to Everyone

Definitions

  • Personal data means any information relating to an identified or identifiable individual.
  • Processing means anything done with personal data, such as collecting, storing, using, sharing or deleting it.
  • Controller means the party that determines how and why personal data is processed, here Bestax.
  • Sensitive / special category data means data given extra protection by law, such as data on health, religion, criminal records, or biometric data.

Your Rights

Subject to applicable law and the legal limits described in this Policy, you may have the right to:

  • Be informed about how we use your data.
  • Access the personal data we hold about you and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data in certain circumstances.
  • Restrict or object to our processing in certain circumstances.
  • Receive certain data in a portable format or have it transferred.
  • Withdraw consent at any time where we rely on consent.
  • Lodge a complaint with the relevant supervisory authority.

These rights are not absolute and may be limited where we have an overriding legal obligation, such as AML record-keeping, or another lawful ground to continue processing.

How to Exercise Your Rights

Send your request to info@bestaxca.com, telling us which right you wish to exercise and providing enough information for us to identify you. We may ask for proof of identity to protect your data.

We will not charge a fee except where permitted by law, for example, for manifestly unfounded or excessive requests.

Children

Our Website and Services are intended for businesses and adults. We do not knowingly collect personal data directly from children. If you believe a child has provided us data without authority, please contact us so we can address it.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or the law. The current version, with its “Last updated” date, will always be available on our Website. Material changes will be highlighted where appropriate.

Contacting Us

For any question about this Policy or your personal data, or to exercise your rights, contact:

Company Bestax Chartered Accountants
Office Office 601, Damac Executive Bay Tower B, Al A’amal Street, Business Bay, Dubai, UAE

Complaints

We hope to resolve any concern you raise directly with us. If you are not satisfied, you may contact the relevant supervisory authority in the UAE, the UAE Data Office or, if you are protected by the GDPR/UK GDPR, the data protection authority in your country.

Governing Law

This Policy is governed by the laws of the United Arab Emirates, without prejudice to any mandatory data-protection rights you may have under the laws of your own country.

This Privacy Policy is provided for general informational purposes and should be reviewed by qualified legal counsel before publication, especially where GDPR, UK GDPR, UAE PDPL, AML, tax, and international transfer obligations apply.

Get Free Consultation

Get Free Consultation

Get Free Consultation

Get Free Consultation

UAE Business Setup Cost Calculator