Last updated: 06 February 2026
This Personal Data Processing Policy (the “Policy”) is drafted in accordance with the legislation of the United Arab Emirates in the field of personal data protection, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), and sets out the procedure for processing personal data and the measures taken by Mountain Accounting and Bookkeeping LLC (the “Controller”) to ensure the security of personal data.
The Controller considers respect for the rights and freedoms of individuals when processing their personal data, including the protection of the right to privacy, family and personal life, as well as compliance with the requirements of the PDPL and other applicable acts of the United Arab Emirates, to be a key objective and condition of its activities.
This Policy applies to all information that the Controller may obtain about visitors of the website mountainfinance.ae (the “Website”), as well as in the course of providing services and interacting with clients through the Website.
For any questions related to the processing and protection of personal data, the User may contact the Controller’s Data Protection Contact at: info@mountainfinance.ae.
----------------------
1. General provisions
1.1. The Controller is a legal entity registered in the United Arab Emirates and processes personal data in accordance with the PDPL and other applicable legislation.
1.2. This Policy defines the procedure and conditions for processing personal data, as well as the rights of data subjects and the obligations of the Controller in connection with such processing.
1.3. By using the Website and providing their personal data to the Controller, the User confirms that they have read this Policy and, where required, give their consent to the processing of personal data in the manner prescribed by law.
----------------------
2. Key terms used in this Policy
2.1. Automated processing of personal data means the processing of personal data using computer technology.
2.2. Blocking of personal data means the temporary cessation of processing of personal data (except where processing is required to protect the rights and legitimate interests of the data subject or other persons or to comply with legal obligations).
2.3. Website means a set of graphical and information materials, as well as software and databases, making them available on the Internet at the network address mountainfinance.ae.
2.4. Personal data information system means a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5. Anonymisation of personal data means actions that result in it no longer being possible, without the use of additional information, to identify that personal data as relating to a specific User or other data subject.
2.6. Processing of personal data means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
2.7. Controller means Mountain Accounting and Bookkeeping LLC, a legal entity which, acting alone or jointly with others, determines the purposes and means of processing personal data, the composition of personal data to be processed and the operations performed with personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of the Website or any other natural person (data subject).
2.9. Personal data permitted by the data subject for dissemination means personal data to which the data subject has allowed access to an unlimited number of persons through explicit consent or publication, in the manner provided for by the applicable legislation of the United Arab Emirates.
2.10. User means any visitor of the Website mountainfinance.ae, as well as any person who fills in web forms or otherwise provides their personal data to the Controller through the Website.
2.11. Provision of personal data means any actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Disclosure (distribution) of personal data means any actions aimed at disclosing personal data to an indefinite number of persons or providing access to personal data to an unlimited number of persons (including by placing personal data on the Website, in telecommunication networks or by other means).
2.13. Cross-border transfer of personal data means the transfer of personal data to the territory of a foreign state or to an international organisation, including access to personal data from outside the United Arab Emirates.
2.14. Destruction of personal data means any actions as a result of which personal data are irreversibly destroyed, making it impossible to further restore the content of personal data in the personal data information system and/or physical media containing personal data are destroyed.
----------------------
3. Key rights and obligations of the Controller
3.1. The Controller has the right to:
– receive from the data subject accurate information and/or documents containing personal data to the extent necessary to achieve the purposes of processing;– continue processing personal data without obtaining separate consent from the data subject where such processing is based on other lawful grounds provided for in the PDPL (performance of a contract, compliance with legal obligations, legitimate interest, etc.);– independently determine the scope and list of measures necessary and sufficient to ensure fulfilment of its obligations prescribed by the PDPL and other applicable acts, unless otherwise required by law;– engage third parties (service providers) to process personal data on the basis of agreements entered into with them, in cases established by law.
3.2. The Controller is obliged to:
– provide the data subject, upon their request, with information relating to the processing of their personal data, within the time limits and in the manner established by law;– organise and perform the processing of personal data in accordance with the PDPL and other applicable legislation of the United Arab Emirates;– respond to requests and inquiries from data subjects within the time limits and in the form prescribed by law;– cooperate with the competent data protection authority of the United Arab Emirates (UAE Data Office) in the cases and in the manner stipulated by law;– publish this Policy or otherwise ensure unrestricted access to it;– take legal, organisational and technical measures to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions;– cease or restrict the processing of personal data in cases provided for in the PDPL, and destroy or anonymise personal data upon achievement of the purposes of processing or when there are no grounds for further processing;– fulfil other obligations provided for in the PDPL and applicable legislation of the United Arab Emirates.
----------------------
4. Key rights and obligations of data subjects
4.1. Data subjects have the right to:
– receive information relating to the processing of their personal data, including information about the purposes, legal bases, categories of data, retention periods, recipients and cross-border transfers;– request that the Controller rectify or update their personal data if such data are incomplete or inaccurate;– request the erasure of personal data in cases provided for in the PDPL;– request restriction of the processing of personal data in cases provided for in the PDPL;– object to the processing of personal data on grounds relating to their particular situation, as well as to the processing of personal data for direct marketing purposes;– request to receive their personal data in a structured, machine-readable format and, where applicable, to have those data transmitted to another controller (right to data portability);– withdraw their consent to the processing of personal data at any time where processing is based on consent, without affecting the lawfulness of processing carried out before such withdrawal;– lodge complaints against acts or omissions of the Controller with the competent data protection authority of the United Arab Emirates or in court.
4.2. Data subjects are obliged to:
– provide the Controller with accurate data about themselves to the extent necessary;– timely inform the Controller of any amendments (updates, changes) to their personal data.
4.3. Persons who provide the Controller with inaccurate information about themselves or information about another data subject without proper legal grounds shall be liable in accordance with the applicable legislation of the United Arab Emirates.
----------------------
5. Principles of personal data processing
5.1. Personal data are processed in a lawful, fair and transparent manner in relation to the data subject.
5.2. The processing of personal data is limited to the achievement of specific, explicit and legitimate purposes that the data subject is informed about before or at the time when processing is started. Processing of personal data that is incompatible with the purposes of their collection is not permitted.
5.3. Databases containing personal data processed for purposes that are incompatible with each other must not be merged.
5.4. Only personal data that are adequate, relevant and limited to what is necessary in relation to the stated purposes of processing are processed.
5.5. The content and scope of processed personal data correspond to the stated purposes of processing, and the Controller strives to minimise the volume of personal data processed.
5.6. The accuracy and up-to-dateness of personal data are ensured during processing; where necessary, the Controller takes measures to delete or correct incomplete or inaccurate data.
5.7. Personal data are stored in a form allowing identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed or as required by applicable legislation of the United Arab Emirates. Upon achievement of the purposes of processing or expiry of legally prescribed periods, personal data are deleted or anonymised, unless otherwise required by law.
----------------------
6. Purposes of personal data processing
The purposes of processing are:
– providing the User with access to the services, information and/or materials available on the Website;– reviewing inquiries;– interacting with potential and existing clients;– entering into and performing contracts;– informing about the Controller’s services;– analytics and improvement of the Website’s performance.
Personal data:
– surname, first name (and patronymic, if applicable);– email address;– telephone numbers;– company name and position (where indicated);– data on interaction with the Website (IP address, device and browser type, visited pages, cookies and similar identifiers, including data collected through Google Analytics).
Legal bases for processing:
– entering into and performance of contracts between the Controller and the data subject or the company represented by the data subject;– fulfilment of the Controller’s legal obligations under the legislation of the United Arab Emirates (including accounting, tax reporting and anti-money laundering requirements, where applicable);– the Controller’s legitimate interests (business development and protection, ensuring the security of the Website and infrastructure, improving service quality and analysing Website usage), provided that such interests do not override the rights and freedoms of the data subject;– explicit consent of the data subject where required by the PDPL (for example, for the use of non-strictly-necessary cookies).
Types of personal data processing:
– collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
----------------------
7. Conditions for personal data processing
7.1. Personal data are processed on the basis of the data subject’s consent in cases where the PDPL requires such consent, including for the use of certain categories of cookies and other tracking technologies that are not strictly necessary for the operation of the Website.
7.2. Personal data may be processed without obtaining separate consent from the data subject where such processing is necessary for:
– performance of a contract to which the data subject is a party, or in order to take steps at the data subject’s request prior to entering into such a contract;– compliance with the Controller’s legal obligations under the legislation of the United Arab Emirates;– protection of the vital interests of the data subject or another person;– pursuing the legitimate interests of the Controller or third parties, provided that such interests do not conflict with the rights and freedoms of the data subject;– any other grounds expressly provided for in the PDPL and applicable legislation.
7.3. Personal data may also be processed where such data have been made manifestly public by the data subject, provided the requirements of the PDPL and the rights of the data subject are observed.
7.4. The processing of personal data for direct marketing purposes (including the distribution of promotional and informational materials) is carried out only where a lawful basis exists and with full respect for the data subject’s right to object to such processing or to unsubscribe from marketing communications at any time. As at the date of this Policy, the Controller does not perform regular email marketing through the Website and typically uses contact details to respond to inquiries and maintain business correspondence.
7.5. The Controller’s services and the Website are not intended for children and minors. The Controller does not knowingly collect personal data of individuals under the age of 18 and assumes that Users who complete forms on the Website and provide their data to the Controller are at least 18 years old. If the Controller becomes aware that personal data of a child have been obtained without an appropriate legal basis, such data will be deleted or processed in accordance with legal requirements.
----------------------
8. Procedure for collection, storage, transfer and other processing of personal data
8.1. The security of personal data processed by the Controller is ensured by implementing legal, organisational and technical measures necessary to comply with the requirements of the PDPL and other applicable acts.
8.2. The Controller safeguards personal data and takes measures to prevent unauthorised access to personal data, including:
– restricting access to personal data on a need-to-know basis;– using technical protection tools and secure communication channels;– hosting the Website and the relevant infrastructure with a provider located in the United Arab Emirates or in other jurisdictions where cross-border transfer requirements are met.
8.3. Personal data of the User may be transferred to third parties (service providers such as hosting providers, email and CRM service providers, analytics providers, including Google Analytics) only to the extent necessary for the provision of services and subject to the conclusion of agreements ensuring the confidentiality and security of personal data, or in cases provided for by law or with the data subject’s consent.
8.4. If inaccuracies are found in the personal data, the User may update them by sending a notification to the Controller at info@mountainfinance.ae with the subject line “Personal data update” or by using other available communication channels.
8.5. The duration of personal data processing is determined by the achievement of the purposes for which personal data were collected and by compliance with the retention periods set by the applicable legislation of the United Arab Emirates. Upon achievement of the purposes or expiry of the relevant periods, personal data must be deleted or anonymised, unless otherwise required by law.
8.6. The User may withdraw their consent to the processing of personal data at any time where processing is based on consent, by sending a notification to the Controller at info@mountainfinance.ae with the subject line “Withdrawal of consent to personal data processing”. In such a case, the Controller may continue processing the data to the extent permitted by the PDPL on other lawful grounds.
8.7. Any information collected by third-party services (including payment systems, communication tools and other service providers) is stored and processed by such parties in accordance with their own terms of use and privacy policies. The data subject is required to familiarise themselves with these documents independently. The Controller is not responsible for the actions of third parties that process personal data as independent controllers.
8.8. Restrictions on the transfer or processing of personal data set by the data subject may not apply where processing is carried out for the purposes of fulfilling the Controller’s legal obligations, protecting the vital interests of the data subject, or in other public interest situations provided for by the legislation of the United Arab Emirates.
8.9. When processing personal data, the Controller ensures the confidentiality of personal data and does not disclose them to third parties, except in cases provided for in this Policy, the PDPL or other applicable legislation.
8.10. The Controller stores personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed or for the periods required by the legislation of the United Arab Emirates on data and document retention. After such periods expire, personal data are deleted or anonymised in a secure manner.
8.11. The processing of personal data may be terminated upon achievement of the purposes of processing, upon the expiry of the term of consent (if applicable) and in the absence of other lawful grounds for processing, upon withdrawal of consent by the data subject (where no other lawful grounds for processing exist), and upon detection of unlawful processing of personal data.
8.12. In the event of an incident involving a breach of personal data security that may create a significant risk to the rights and freedoms of data subjects, the Controller will assess such incident and, where required by law, notify the competent data protection authority of the United Arab Emirates and the data subjects without undue delay and in accordance with the PDPL.
----------------------
9. List of actions performed by the Controller with personal data received
9.1. The Controller performs the following actions with personal data: collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
9.2. The Controller may carry out automated processing of personal data using telecommunication networks, as well as combined processing using both automated means and manual means, depending on the nature of the processing operations.
----------------------
10. Cross-border transfer of personal data
10.1. The Controller may carry out cross-border transfers of personal data to other countries or international organisations where this is necessary for hosting and operating IT infrastructure, using cloud services, providing services or achieving other lawful purposes, subject to compliance with the PDPL requirements for ensuring an adequate level of protection of personal data.
10.2. Transfers of personal data to countries that do not ensure an adequate level of protection may take place where appropriate safeguards are in place as required by the PDPL (for example, contractual mechanisms and standard clauses, explicit consent of the data subject in certain cases, or other grounds provided for by law).
10.3. The Controller may maintain records of cross-border transfers of personal data in cases required by the PDPL and, upon request of a data subject, provide general information about the jurisdictions and categories of recipients to which such transfers are made.
----------------------
11. Confidentiality of personal data
The Controller and any other persons who obtain access to personal data on the basis of agreements or by virtue of law are obliged not to disclose or distribute personal data to third parties without a lawful basis or proper consent of the data subject, except where disclosure is expressly required by the legislation of the United Arab Emirates.
----------------------
12. Final provisions
12.1. The User may obtain any clarifications on matters relating to the processing of their personal data by contacting the Controller at info@mountainfinance.ae or via other contact details indicated on the Website.
12.2. This Policy may be amended in the event of changes in the Controller’s business processes or in the applicable legislation of the United Arab Emirates in the field of personal data protection. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise provided in such version. The Policy remains in force indefinitely until replaced by a new version.
This Personal Data Processing Policy (the “Policy”) is drafted in accordance with the legislation of the United Arab Emirates in the field of personal data protection, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), and sets out the procedure for processing personal data and the measures taken by Mountain Accounting and Bookkeeping LLC (the “Controller”) to ensure the security of personal data.
The Controller considers respect for the rights and freedoms of individuals when processing their personal data, including the protection of the right to privacy, family and personal life, as well as compliance with the requirements of the PDPL and other applicable acts of the United Arab Emirates, to be a key objective and condition of its activities.
This Policy applies to all information that the Controller may obtain about visitors of the website mountainfinance.ae (the “Website”), as well as in the course of providing services and interacting with clients through the Website.
For any questions related to the processing and protection of personal data, the User may contact the Controller’s Data Protection Contact at: info@mountainfinance.ae.
----------------------
1. General provisions
1.1. The Controller is a legal entity registered in the United Arab Emirates and processes personal data in accordance with the PDPL and other applicable legislation.
1.2. This Policy defines the procedure and conditions for processing personal data, as well as the rights of data subjects and the obligations of the Controller in connection with such processing.
1.3. By using the Website and providing their personal data to the Controller, the User confirms that they have read this Policy and, where required, give their consent to the processing of personal data in the manner prescribed by law.
----------------------
2. Key terms used in this Policy
2.1. Automated processing of personal data means the processing of personal data using computer technology.
2.2. Blocking of personal data means the temporary cessation of processing of personal data (except where processing is required to protect the rights and legitimate interests of the data subject or other persons or to comply with legal obligations).
2.3. Website means a set of graphical and information materials, as well as software and databases, making them available on the Internet at the network address mountainfinance.ae.
2.4. Personal data information system means a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5. Anonymisation of personal data means actions that result in it no longer being possible, without the use of additional information, to identify that personal data as relating to a specific User or other data subject.
2.6. Processing of personal data means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
2.7. Controller means Mountain Accounting and Bookkeeping LLC, a legal entity which, acting alone or jointly with others, determines the purposes and means of processing personal data, the composition of personal data to be processed and the operations performed with personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of the Website or any other natural person (data subject).
2.9. Personal data permitted by the data subject for dissemination means personal data to which the data subject has allowed access to an unlimited number of persons through explicit consent or publication, in the manner provided for by the applicable legislation of the United Arab Emirates.
2.10. User means any visitor of the Website mountainfinance.ae, as well as any person who fills in web forms or otherwise provides their personal data to the Controller through the Website.
2.11. Provision of personal data means any actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Disclosure (distribution) of personal data means any actions aimed at disclosing personal data to an indefinite number of persons or providing access to personal data to an unlimited number of persons (including by placing personal data on the Website, in telecommunication networks or by other means).
2.13. Cross-border transfer of personal data means the transfer of personal data to the territory of a foreign state or to an international organisation, including access to personal data from outside the United Arab Emirates.
2.14. Destruction of personal data means any actions as a result of which personal data are irreversibly destroyed, making it impossible to further restore the content of personal data in the personal data information system and/or physical media containing personal data are destroyed.
----------------------
3. Key rights and obligations of the Controller
3.1. The Controller has the right to:
– receive from the data subject accurate information and/or documents containing personal data to the extent necessary to achieve the purposes of processing;– continue processing personal data without obtaining separate consent from the data subject where such processing is based on other lawful grounds provided for in the PDPL (performance of a contract, compliance with legal obligations, legitimate interest, etc.);– independently determine the scope and list of measures necessary and sufficient to ensure fulfilment of its obligations prescribed by the PDPL and other applicable acts, unless otherwise required by law;– engage third parties (service providers) to process personal data on the basis of agreements entered into with them, in cases established by law.
3.2. The Controller is obliged to:
– provide the data subject, upon their request, with information relating to the processing of their personal data, within the time limits and in the manner established by law;– organise and perform the processing of personal data in accordance with the PDPL and other applicable legislation of the United Arab Emirates;– respond to requests and inquiries from data subjects within the time limits and in the form prescribed by law;– cooperate with the competent data protection authority of the United Arab Emirates (UAE Data Office) in the cases and in the manner stipulated by law;– publish this Policy or otherwise ensure unrestricted access to it;– take legal, organisational and technical measures to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions;– cease or restrict the processing of personal data in cases provided for in the PDPL, and destroy or anonymise personal data upon achievement of the purposes of processing or when there are no grounds for further processing;– fulfil other obligations provided for in the PDPL and applicable legislation of the United Arab Emirates.
----------------------
4. Key rights and obligations of data subjects
4.1. Data subjects have the right to:
– receive information relating to the processing of their personal data, including information about the purposes, legal bases, categories of data, retention periods, recipients and cross-border transfers;– request that the Controller rectify or update their personal data if such data are incomplete or inaccurate;– request the erasure of personal data in cases provided for in the PDPL;– request restriction of the processing of personal data in cases provided for in the PDPL;– object to the processing of personal data on grounds relating to their particular situation, as well as to the processing of personal data for direct marketing purposes;– request to receive their personal data in a structured, machine-readable format and, where applicable, to have those data transmitted to another controller (right to data portability);– withdraw their consent to the processing of personal data at any time where processing is based on consent, without affecting the lawfulness of processing carried out before such withdrawal;– lodge complaints against acts or omissions of the Controller with the competent data protection authority of the United Arab Emirates or in court.
4.2. Data subjects are obliged to:
– provide the Controller with accurate data about themselves to the extent necessary;– timely inform the Controller of any amendments (updates, changes) to their personal data.
4.3. Persons who provide the Controller with inaccurate information about themselves or information about another data subject without proper legal grounds shall be liable in accordance with the applicable legislation of the United Arab Emirates.
----------------------
5. Principles of personal data processing
5.1. Personal data are processed in a lawful, fair and transparent manner in relation to the data subject.
5.2. The processing of personal data is limited to the achievement of specific, explicit and legitimate purposes that the data subject is informed about before or at the time when processing is started. Processing of personal data that is incompatible with the purposes of their collection is not permitted.
5.3. Databases containing personal data processed for purposes that are incompatible with each other must not be merged.
5.4. Only personal data that are adequate, relevant and limited to what is necessary in relation to the stated purposes of processing are processed.
5.5. The content and scope of processed personal data correspond to the stated purposes of processing, and the Controller strives to minimise the volume of personal data processed.
5.6. The accuracy and up-to-dateness of personal data are ensured during processing; where necessary, the Controller takes measures to delete or correct incomplete or inaccurate data.
5.7. Personal data are stored in a form allowing identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed or as required by applicable legislation of the United Arab Emirates. Upon achievement of the purposes of processing or expiry of legally prescribed periods, personal data are deleted or anonymised, unless otherwise required by law.
----------------------
6. Purposes of personal data processing
The purposes of processing are:
– providing the User with access to the services, information and/or materials available on the Website;– reviewing inquiries;– interacting with potential and existing clients;– entering into and performing contracts;– informing about the Controller’s services;– analytics and improvement of the Website’s performance.
Personal data:
– surname, first name (and patronymic, if applicable);– email address;– telephone numbers;– company name and position (where indicated);– data on interaction with the Website (IP address, device and browser type, visited pages, cookies and similar identifiers, including data collected through Google Analytics).
Legal bases for processing:
– entering into and performance of contracts between the Controller and the data subject or the company represented by the data subject;– fulfilment of the Controller’s legal obligations under the legislation of the United Arab Emirates (including accounting, tax reporting and anti-money laundering requirements, where applicable);– the Controller’s legitimate interests (business development and protection, ensuring the security of the Website and infrastructure, improving service quality and analysing Website usage), provided that such interests do not override the rights and freedoms of the data subject;– explicit consent of the data subject where required by the PDPL (for example, for the use of non-strictly-necessary cookies).
Types of personal data processing:
– collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
----------------------
7. Conditions for personal data processing
7.1. Personal data are processed on the basis of the data subject’s consent in cases where the PDPL requires such consent, including for the use of certain categories of cookies and other tracking technologies that are not strictly necessary for the operation of the Website.
7.2. Personal data may be processed without obtaining separate consent from the data subject where such processing is necessary for:
– performance of a contract to which the data subject is a party, or in order to take steps at the data subject’s request prior to entering into such a contract;– compliance with the Controller’s legal obligations under the legislation of the United Arab Emirates;– protection of the vital interests of the data subject or another person;– pursuing the legitimate interests of the Controller or third parties, provided that such interests do not conflict with the rights and freedoms of the data subject;– any other grounds expressly provided for in the PDPL and applicable legislation.
7.3. Personal data may also be processed where such data have been made manifestly public by the data subject, provided the requirements of the PDPL and the rights of the data subject are observed.
7.4. The processing of personal data for direct marketing purposes (including the distribution of promotional and informational materials) is carried out only where a lawful basis exists and with full respect for the data subject’s right to object to such processing or to unsubscribe from marketing communications at any time. As at the date of this Policy, the Controller does not perform regular email marketing through the Website and typically uses contact details to respond to inquiries and maintain business correspondence.
7.5. The Controller’s services and the Website are not intended for children and minors. The Controller does not knowingly collect personal data of individuals under the age of 18 and assumes that Users who complete forms on the Website and provide their data to the Controller are at least 18 years old. If the Controller becomes aware that personal data of a child have been obtained without an appropriate legal basis, such data will be deleted or processed in accordance with legal requirements.
----------------------
8. Procedure for collection, storage, transfer and other processing of personal data
8.1. The security of personal data processed by the Controller is ensured by implementing legal, organisational and technical measures necessary to comply with the requirements of the PDPL and other applicable acts.
8.2. The Controller safeguards personal data and takes measures to prevent unauthorised access to personal data, including:
– restricting access to personal data on a need-to-know basis;– using technical protection tools and secure communication channels;– hosting the Website and the relevant infrastructure with a provider located in the United Arab Emirates or in other jurisdictions where cross-border transfer requirements are met.
8.3. Personal data of the User may be transferred to third parties (service providers such as hosting providers, email and CRM service providers, analytics providers, including Google Analytics) only to the extent necessary for the provision of services and subject to the conclusion of agreements ensuring the confidentiality and security of personal data, or in cases provided for by law or with the data subject’s consent.
8.4. If inaccuracies are found in the personal data, the User may update them by sending a notification to the Controller at info@mountainfinance.ae with the subject line “Personal data update” or by using other available communication channels.
8.5. The duration of personal data processing is determined by the achievement of the purposes for which personal data were collected and by compliance with the retention periods set by the applicable legislation of the United Arab Emirates. Upon achievement of the purposes or expiry of the relevant periods, personal data must be deleted or anonymised, unless otherwise required by law.
8.6. The User may withdraw their consent to the processing of personal data at any time where processing is based on consent, by sending a notification to the Controller at info@mountainfinance.ae with the subject line “Withdrawal of consent to personal data processing”. In such a case, the Controller may continue processing the data to the extent permitted by the PDPL on other lawful grounds.
8.7. Any information collected by third-party services (including payment systems, communication tools and other service providers) is stored and processed by such parties in accordance with their own terms of use and privacy policies. The data subject is required to familiarise themselves with these documents independently. The Controller is not responsible for the actions of third parties that process personal data as independent controllers.
8.8. Restrictions on the transfer or processing of personal data set by the data subject may not apply where processing is carried out for the purposes of fulfilling the Controller’s legal obligations, protecting the vital interests of the data subject, or in other public interest situations provided for by the legislation of the United Arab Emirates.
8.9. When processing personal data, the Controller ensures the confidentiality of personal data and does not disclose them to third parties, except in cases provided for in this Policy, the PDPL or other applicable legislation.
8.10. The Controller stores personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed or for the periods required by the legislation of the United Arab Emirates on data and document retention. After such periods expire, personal data are deleted or anonymised in a secure manner.
8.11. The processing of personal data may be terminated upon achievement of the purposes of processing, upon the expiry of the term of consent (if applicable) and in the absence of other lawful grounds for processing, upon withdrawal of consent by the data subject (where no other lawful grounds for processing exist), and upon detection of unlawful processing of personal data.
8.12. In the event of an incident involving a breach of personal data security that may create a significant risk to the rights and freedoms of data subjects, the Controller will assess such incident and, where required by law, notify the competent data protection authority of the United Arab Emirates and the data subjects without undue delay and in accordance with the PDPL.
----------------------
9. List of actions performed by the Controller with personal data received
9.1. The Controller performs the following actions with personal data: collection, recording, systematisation, accumulation, storage, amendment (updating, changing), retrieval, use, transfer (disclosure, provision, access), anonymisation, blocking, erasure and destruction of personal data.
9.2. The Controller may carry out automated processing of personal data using telecommunication networks, as well as combined processing using both automated means and manual means, depending on the nature of the processing operations.
----------------------
10. Cross-border transfer of personal data
10.1. The Controller may carry out cross-border transfers of personal data to other countries or international organisations where this is necessary for hosting and operating IT infrastructure, using cloud services, providing services or achieving other lawful purposes, subject to compliance with the PDPL requirements for ensuring an adequate level of protection of personal data.
10.2. Transfers of personal data to countries that do not ensure an adequate level of protection may take place where appropriate safeguards are in place as required by the PDPL (for example, contractual mechanisms and standard clauses, explicit consent of the data subject in certain cases, or other grounds provided for by law).
10.3. The Controller may maintain records of cross-border transfers of personal data in cases required by the PDPL and, upon request of a data subject, provide general information about the jurisdictions and categories of recipients to which such transfers are made.
----------------------
11. Confidentiality of personal data
The Controller and any other persons who obtain access to personal data on the basis of agreements or by virtue of law are obliged not to disclose or distribute personal data to third parties without a lawful basis or proper consent of the data subject, except where disclosure is expressly required by the legislation of the United Arab Emirates.
----------------------
12. Final provisions
12.1. The User may obtain any clarifications on matters relating to the processing of their personal data by contacting the Controller at info@mountainfinance.ae or via other contact details indicated on the Website.
12.2. This Policy may be amended in the event of changes in the Controller’s business processes or in the applicable legislation of the United Arab Emirates in the field of personal data protection. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise provided in such version. The Policy remains in force indefinitely until replaced by a new version.
Policy of personal data processing
Address
722, Hayat boulevard 2A/1, Town Square, Dubai, UAE
722, Hayat boulevard 2A/1, Town Square, Dubai, UAE
navigation
Contacts
Accounting services for small businesses in the UAE
© 2025 MOUNTAIN All rights reserved
The site is designed
get advice
Leave your information and we'll be in touch
with you as soon as possible.
with you as soon as possible.
by clicking on the “send” button, you agree to the privacy policy
By using this site, you consent to the use of cookies to help us make it more convenient for you.