This Privacy & Personal Data Processing Policy (“Policy”) describes how we collect, process, store, and protect personal data of users located in the European Union, the United Arab Emirates (including Dubai and other emirates), and the Kingdom of Bahrain.

By using our website, you consent to the practices described in this Policy.

1. Data Controller

The data controller responsible for the processing of personal data is:

Khalid Khan Advisory Services W.L.L.
CR No. 119652
Registered Address: Office No 21, Building 2572, Road 2833 Meral Building Seef, 428
Seef
Email: services@khanconsultant.com

For EU residents, we act as a Data Controller under GDPR.
For residents of the UAE and Bahrain, we act as a Controller under the applicable PDPL.

2. Types of Personal Data We Collect

2.1. Data You Provide Voluntarily

• Name
• Email address
• Phone number
• Company name
• Information submitted through contact forms
• Information for newsletter subscription
• Documents provided for consultations (if applicable)

2.2. Data Collected Automatically

Collected through cookies, scripts, and server logs:

• IP address
• Browser type and version
• Device type and OS
• Referring URLs
• Pages visited and session duration
• Time and date of website access
• Approximate geographic location (city/country)

2.3. Data From Third-Party Services

These services may process personal data depending on your settings:

• Loading of web fonts via Google Fonts
• Display of interactive maps via Google Maps
• Website analytics via Google Analytics
• CDN & hosting providers
• Email marketing platforms (for newsletters)

We implement GDPR-compliant measures for each service, including IP anonymization where possible.

3. Purposes of Processing

We process personal data for:

• Responding to user inquiries
• Delivering requested services or consultations
• Operating and improving our website
• Personalizing user experience
• Analytics and performance measurement
• Newsletter distribution (only with consent)
• Ensuring information security
• Meeting legal and regulatory obligations in the EU, UAE, and Bahrain

4. Legal Basis for Processing

Depending on the jurisdiction, we rely on:

(a) Consent
For marketing, cookies, analytics, newsletter subscription, and optional forms.

(b) Contract Performance
When processing your data is necessary to provide requested services.

(c) Legitimate Interests
For security, analytics, website optimization.

(d) Legal Obligation
For compliance with EU, UAE, and Bahrain PDPL regulations.

5. Cookies & Tracking Technologies

We use the following cookie categories:

Essential Cookies
Required for website functionality (cannot be disabled).

Functional Cookies
Enhance usability and preferences.

Analytics Cookies
Used for aggregated website performance measurement.
Analytics services operate with anonymized or pseudonymized data whenever possible.

Third-Party Cookies
Placed by embedded components such as:

• Google Maps map viewers
• Google Fonts font loader
• Video players
• Social media widgets

You can manage your preferences at any time using the Cookie Settings button.

6. Sharing of Personal Data

We may share data with:

• Hosting providers
• Email service providers
• Analytics and performance services
• External consultants (when the user requests a service)
• Authorities, if required by applicable law

All third parties process personal data exclusively under our instructions and contractual safeguards.

We never sell personal data.

7. International Data Transfers

Your data may be transferred to servers located in:

• The European Union
• The United States (under appropriate safeguards such as SCCs)
• United Arab Emirates
• Bahrain

For any transfer outside the EU, we use:

• Standard Contractual Clauses (SCC)
• Encryption and pseudonymization
• Transfer only to vendors with adequate compliance measures

8. Data Retention

Data is retained only as long as necessary for:

• Fulfilling the purposes stated above
• Meeting accounting, audit, or regulatory requirements
• Resolving disputes

After expiration of the retention periods, data is securely deleted or anonymized.

9. User Rights

Depending on jurisdiction, users may have the right to:

GDPR (EU):

• Access
• Rectification
• Erasure
• Restriction
• Data portability
• Objection
• Withdraw consent
• Lodge a complaint with a supervisory authority

UAE PDPL:

• Access
• Correction
• Deletion
• Restriction
• Stop processing

Bahrain PDPL:

• Access
• Correction
• Blocking or deletion
• Objection on legitimate grounds

To exercise any rights, contact us at services@khanconsultant.com.

10. Security Measures

We apply technical and organizational measures such as:

• HTTPS encryption
• Secure hosting environment
• Access control
• Regular security audits
• Data minimization principles
• IP anonymization for analytics

However, no method of data transmission is completely secure.

11. Third-Party Links

Our website contains links to external websites.
We do not control their privacy practices and are not responsible for their policies.

12. Use of Google Fonts & Google Maps

Google Fonts

We use Google Fonts in compliance with GDPR.
Fonts are loaded through GDPR-compatible methods to avoid transferring personal data such as IP addresses directly to external servers whenever possible.

Google Maps

Embedding Google Maps may collect IP addresses, device information, and location-based metadata.
The user can refuse loading these components via the cookie settings panel.

13. Updates to This Policy

We may update this Policy regularly.
The latest version will always be published on this page.

14. Contact Us

For questions regarding this Policy or personal data:

Khalid Khan Advisory Services W.L.L.
CR No. 119652
Registered Address: Office No 21, Building 2572, Road 2833 Meral Building Seef, 428
Seef
Email: services@khanconsultant.com