Privacy Notice

Effective date: 22 August 2025
Controller: Sievert Consulting FZCO (“we”, “us”, “our”)
Registered office: IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates
Contact (privacy): privacy@sievert-consulting.net
General contact: office@sievert-consulting.net
Telephone: +971 52 252 0648


We are a consultancy focused on international tax transparency and regulatory compliance (FATCA, CRS, QI, Crypto-Asset Reporting (CARF) and related topics). This notice explains how we process personal data in connection with our website and services.

1) What data we collect & how we obtain it

  • Identification & contact data: name, role/title, organisation, email, phone.
  • Business context data: enquiry content, engagement details, billing data.
  • Compliance data: information needed for legal and regulatory obligations (e.g., AML/KYC, FATCA/CRS/QI-related documentation where applicable).
  • Technical data: IP address, device/browser information, basic logs; cookies (see Section 7).

Sources: directly from you; from your organisation; from business partners; from publicly available sources; automatically via our website (technical/cookie data).

2) Purposes & legal bases

We process personal data for the following purposes and on the following bases (as applicable under UAE data protection law (PDPL) and other relevant laws):

  • Responding to enquiries & delivering services (contract or steps prior to entering into a contract; legitimate interests).
  • Regulatory & legal compliance including FATCA/CRS/QI, AML/KYC, sanctions screening and record-keeping (legal obligation; substantial public interest where applicable).
  • Client relationship management & operations such as scheduling, invoicing, vendor management, and service quality (legitimate interests).
  • Marketing & events (consent where required; otherwise legitimate interests with opt‑out).

Where we rely on legitimate interests, we balance our interests against your rights and expectations. You may object at any time (see Section 6).

3) Sharing of personal data

We may share limited personal data with:

  • Service providers (IT hosting, email, collaboration, analytics, document management) under appropriate confidentiality and security commitments;
  • Professional advisers & partners (e.g., our collaborating law firm in Germany) for engagement delivery;
  • Authorities and regulators where legally required;
  • Potential acquirers/assignees in the context of corporate transactions, subject to safeguards.

We do not sell personal data.

4) International transfers

Where data is transferred outside the UAE, we use adequacy decisions issued/recognised by the UAE Data Office (where available) or appropriate safeguards (e.g., contractual clauses) and ensure recipients are obliged to protect the data. You may request information about such safeguards and how to obtain a copy.

5) Retention

We retain personal data only as long as necessary for the purposes above and to comply with legal/record‑keeping requirements (e.g., tax and regulatory limitation periods). We apply documented retention schedules and delete or anonymise data when it is no longer needed.

6) Your rights

Subject to applicable law, you may request to access, rectify, erase, or restrict processing; object to processing (including marketing); withdraw consent (with future effect); and request data portability.
To exercise your rights, contact privacy@sievert-consulting.net. We aim to respond within one (1) month; where requests are complex or numerous, we may extend by up to two (2) months and will inform you accordingly. You also have the right to lodge a complaint with the competent supervisory authority (see Section 10).

7) Cookies & marketing

We use only necessary cookies by default. If we employ analytics/marketing cookies, we will request your consent via a cookie banner and provide controls to manage preferences. You can opt out of marketing communications at any time by using the unsubscribe link or contacting us.

8) Security

We implement appropriate technical and organisational measures (access controls, encryption where appropriate, secure configuration, vendor due diligence, staff confidentiality, backup and recovery, retention & deletion controls) to protect personal data against unauthorised access, alteration or loss.

9) Automated decision‑making

We do not use automated decision‑making that produces legal or similarly significant effects without human involvement. If this changes, we will update this notice and provide meaningful information about the logic involved and potential consequences.

10) Local regimes (DIFC/ADGM) & supervisory authorities

If we process personal data in the DIFC or ADGM, we comply with those regimes’ data protection laws and guidance in addition to this notice.
Complaints: For UAE federal PDPL matters, you may contact the UAE Data Office. For processing within the DIFC, you may contact the DIFC Commissioner of Data Protection; for ADGM, the ADGM Office of Data Protection.

11) Children

Our website and services are not directed at children, and we do not knowingly collect personal data from individuals under the age defined by applicable law. If you believe a child has provided us with personal data, please contact us so we can delete it.

12) Third‑party links

Our website may contain links to third‑party sites/services. Those sites have their own privacy notices; we are not responsible for their content or practices.

13) Updates to this notice

We may update this notice from time to time to reflect changes in our processing or legal requirements. The latest version will be posted on this page with the updated effective date.

Contact for privacy matters:

privacy@sievert-consulting.net
Sievert Consulting FZCO, IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates