Privacy Policy

Effective Date: 12 June, 2025

This Privacy Policy sets forth the terms under which Sky Bridge Advisory (“we,” “our,” or “the Firm”) collects, processes, uses, stores, shares, and protects personal and professional data obtained through its websites, portals, professional engagements, and all affiliated digital properties. Sky Bridge Advisory maintains a legal and fiduciary responsibility to uphold the highest standards of data security, compliance, and transparency across jurisdictions, including the United Arab Emirates (UAE), Gulf Cooperation Council (GCC) states, and internationally.

Definations

Personal Data refers to any data relating to an identified or identifiable natural or legal person, including but not limited to name, identification number, professional title, contact information, and submitted documentation.

Data Subject refers to an individual or corporate entity whose personal or corporate data is collected, processed, or stored by the Firm.

Processing means any operation performed on Personal Data including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, disclosure, dissemination, or erasure.

Applicable Law refers to the relevant data protection legislation in effect, including but not limited to Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data in the UAE, GDPR (where applicable), and other data regulations in operational jurisdictions.

Data Collection and Legal Basis

Sky Bridge Advisory may collect the following categories of data:

Name, contact number, and professional email address
Business title, organization name, and jurisdiction of operation
Communications and correspondences (email, forms, proposals)
Submitted documentation for advisory engagement (including financial, legal, or operational data)
Technical usage data, including session logs, navigation patterns, and cookie identifiers

We collect data based on the following legal bases:

Consent obtained through contact forms, submissions, or advisory agreements
Contractual necessity in the execution of advisory services
Legal compliance with jurisdictional mandates or audit procedures
Legitimate interests such as risk mitigation, internal governance, and advisory planning

Purpose of Data Processing

The Firm processes Personal Data strictly in accordance with the intended and agreed purposes, which include but are not limited to:

Responding to advisory inquiries and business proposals
Conducting due diligence and onboarding assessments
Structuring and implementing institutional strategy plans
Delivering whitepapers, sector-specific resources, and policy insights
Fulfilling regulatory obligations including audit trails and financial disclosures
Ensuring secure access to privileged or credentialed materials

Sky Bridge Advisory shall not process Personal Data for secondary or unrelated purposes without obtaining explicit and documented consent.

Data Retention

All Personal Data shall be retained only for the period necessary to fulfill its intended processing purpose or to satisfy applicable legal, regulatory, or reporting requirements. Standard retention periods are as follows:

Advisory inquiries: 24 months
Engagement records: 7 years post-final delivery
Compliance documentation: 10 years in accordance with applicable regulatory statutes
Audit logs and internal system access: 18 months

Upon expiration of the applicable retention period, data will be securely deleted or anonymized unless required for archival, legal, or public interest reasons.

Disclosure and International Transfer

Sky Bridge Advisory does not sell or commercially share any Personal Data with third parties. Disclosure is permitted only under the following circumstances:

To authorized staff, consultants, or auditors bound by confidentiality agreements
To regulatory authorities or courts as legally mandated
To affiliated entities within the Sky Bridge Advisory Group for internal reporting
In the event of a corporate merger, acquisition, or legal restructuring

Any transfer of Personal Data across borders, including to countries outside the UAE or GCC, is carried out in compliance with applicable cross-border transfer rules and secured through adequate safeguards including Standard Contractual Clauses or regulatory approvals.

Data Security Measures

Sky Bridge Advisory applies robust and evolving technical and organizational measures to safeguard data integrity, including but not limited to:

Tiered access control with two-factor authentication (2FA)
Encrypted document handling (AES-256)
Scheduled vulnerability assessments and penetration testing
Physical access limitations in data centers
Comprehensive breach response protocols

In the event of a security incident or data breach, the Firm commits to timely notification of affected data subjects and competent authorities within the timeframes prescribed by law.

Cookie Policy

Our website uses essential and functional cookies to maintain site operations. Analytical cookies may be used to:

Track non-personal browsing behavior
Analyze page performance
Support user navigation and system optimization

Visitors may opt out of non-essential cookies via browser settings or site-based cookie preference managers. The Firm does not use cookies to profile, advertise, or target individuals.

User Rights

All data subjects have rights under applicable laws, including:

Right to Access: Request access to personal data and processing details
Right to Rectification: Request correction of inaccurate or outdated data
Right to Erasure: Request deletion of data when no longer necessary
Right to Restrict Processing: Limit processing in specific circumstances
Right to Object: Oppose processing on grounds related to specific personal situations
Right to Data Portability: Receive personal data in a structured, machine-readable format

Requests can be submitted by email to [email protected]. The Firm will respond within 30 calendar days, extendable under lawful conditions.

Third-Party Links and Services

Sky Bridge Advisory’s website may contain links to external content, research portals, and governmental platforms. We do not control and are not responsible for the privacy practices of these third parties. Users are encouraged to consult the privacy notices of such entities independently.

Children’s Data

Sky Bridge Advisory does not knowingly collect or process data from minors under the age of 18. All services and platforms are intended for professional or institutional use only.

Policy Updates

This Privacy Policy may be amended periodically to reflect operational, legal, or regulatory changes. The Firm will post updated versions with revision dates prominently displayed. Continued use of our platforms constitutes acceptance of these changes.

Governing Law and Jurisdiction

This Privacy Policy and all matters arising from it shall be governed by the laws of the United Arab Emirates and applicable GCC regulations. Any disputes arising in connection with this policy shall be subject to the exclusive jurisdiction of the DIFC Courts in Dubai.

Contact and Complaints

For questions, concerns, or formal complaints regarding this Privacy Policy, please contact:

Data Governance Office
Sky Bridge Advisory
Gate Village 7, DIFC, Dubai, UAE
Email: [email protected]
Phone: +971-4-222-5678

Data subjects also retain the right to lodge complaints with a competent Data Protection Authority in their jurisdiction.

Version: 1.0
Last Revised: [Insert Date]