Privacy Notice & Data Protection


Russell Bedford (Dubai) Limited (“Russell Bedford Dubai”) is committed to protecting the privacy of those with whom it interacts, and RBDL recognises the need to respect and protect information that is collected or disclosed to us (called "Personal Data", explained below).

This Privacy Notice is intended to tell you how we use your Personal Data to give you enough detail and information you need. If you still can't find the information you need, you can contact Russell Bedford Dubai by reference to the details set out in section 1 below.

1.  Who we are

Russell Bedford Dubai is a full-service auditing and accounting practice licensed in the Dubai International Financial Centre since March 2006 and regulated as an audit firm by the Dubai Financial Services Authority since early 2007.

We are the controller of your Personal Data (as defined below). If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the following details:

Russell Bedford (Dubai) Limited

Office 201, Level 2, Gate Village 10

Dubai International Financial Centre

Dubai, United Arab Emirates

2.  What is Personal Data, and which Personal Data do we collect about you?

For the purposes of this Privacy Notice "Personal Data" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Data, we treat the combined information as Personal Data.

We may collect use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

• Identity and Contact Data includes first name, last name and title, address, email address and telephone number.
• Applicant Data includes Identity and Contact Data about job applicants, CV, professional experience, education, academic and professional qualifications, information provided and collected from interviews and assessments and references from your named referees.
• Financial Data includes your bank account details, investment and pensions details, your business interests and shareholdings, income and tax codes and identifiers.
• Technical Data includes internet protocol (IP) addresses, usage session dates and duration, page views, how you use our website the type of browser used while visiting our website and the numbers of users who visit our website.
• Services Data includes information about how you use our services, details of which services you have received from us, our correspondence and communications with you and information about any complaints or enquiries you make to us.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
• Special categories of data include information about your health.
• Criminal convictions data includes information about criminal convictions and offences.

We also collect Identity and Contact Data about your close family members and dependants in order to provide our service to you effectively.

We also collect, use and share aggregated anonymous or pseudonymised data, such as statistical or demographic data for any purpose. This data could be derived from your Personal Data but is not considered personal data in law as it does not directly or indirectly reveal your identity. For example, we may anonymise your Services Data to analyse which demographic of users are using our services.

However, if we combine any of this data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

3.   How is your Personal Data collected?

We collect information when a user visits our website, and/or contacts us whether by the telephone, email or post. We use different methods to collect data from and about you including:

a). Personal Data that you provide directly. You may give us your Identity and Contact Data, and the Identity and Contact Data of your close family members and dependents, Marketing and Communications Data, Services Data, Special Categories of Data and Criminal Convictions Data by filling in forms, requesting information about our services, subscribing to our services or by corresponding with us by email, phone or otherwise.

You may give us your Applicant Data if you apply for a job with us.

b). Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. Please see section 10 below.

c). Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from third party analytics providers, such as Google Analytics.
  • Identity and Contact Data from third parties such as your employer, our clients, or from our member network firms.
  • KYC ('know your customer') information from Refinitive (WorldCheck).
  • If you are applying for a job with us, we may collect Identity and Contact Data and Applicant Data from your previous employer or recruitment agency, as well as professional social networking sites such as LinkedIn.   
  • Identity and Contact Data from publicly available sources, such as the DIFC and DFSA public registers.

4.   How do we use your information?

We will only use your Personal Data when the law allows us to do so. Most commonly, we will use your Personal Data in the following circumstances: 

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The Legitimate
  • Interests we rely on are set out next to each purpose below.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your explicit consent to process any Special Categories of Data.

Purposes for which we will use your Personal Data

We may use the Personal Data that we collect for the following purposes. For each purpose, we describe the legal bases we rely on to justify such use of your Personal Data.

Purpose/Activity Type of data Legal basis
To consider you for a role with us; if you are applying for a job

(a) Identity and contact

(b) Applicant

(c) Financial

(a) Necessary to take steps in order to enter a contract with you

(b) Necessary for our legitimate interests in attracting talent and market opportunities at Russell Bedford Dubai 

(c) To comply with our legal obligations such as, to make reasonable adjustments

To provide our services to you, or your employer and to manage our relationship with you including in respect of payments, fees and charges, and to provide you with updates to our Privacy Notice

(a) Identity and contact

(b) Financial 

(c) Services

(a) Performance of a contract with you (if the services are provided to you directly)

(b) Necessary for our legitimate interests in providing our services to corporate clients (if the services are provided to your employer)

To carry out your contractual obligations to you, if you are our supplier or subcontractor, including to manage our payments to you (a) Identity and contact Necessary for our legitimate interests in receiving services from our suppliers to ensure our business is run efficiently
Provide you with information related to our services, our events and activities which you request from us or which we feel may be of interest to you

(a) Identity and contact

(b) Services

(c) Technical 

(d) Marketing and communications

Necessary for our legitimate interests to develop our services and grow our business
Analysis purposes - for assessment and analysis of our users, to create sales, marketing and promotional plans and to seek your thoughts and opinions on the services we provide

(a) Identity and contact

(b) Services

(c) Technical

(d) Marketing and communications

Necessary for our legitimate interests to study how our clients use our services, to develop our services and to inform our marketing strategy
For security purposes and to administer our website - to maintain and enhance the website and to ensure that content from it is presented in the most effective manner for you and your computer, and to enhance the user experience

(a) Identity and contact

(b) Technical

(a) Necessary for our legitimate interests in running our business, to ensure the security of our systems, to assist us in the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

(b) Necessary to comply with a legal obligation

Business purposes - for business monitoring and record keeping including maintaining our accounts, complying with good practice and for other administrative, operational and security reasons

(a) Identity and contact 

(b) Services 

(c) Marketing and communications

(a) Necessary for our legitimate interests in running our business efficiently and successfully and in order to keep our records updated

(b) Necessary to comply with a legal obligation

To prevent and detect crime, fraud or corruption and to meet our legal, regulatory and ethical responsibilities

(a) Identity and contact

(b) Technical 

(c) Services

Necessary to comply with our legal obligations

Marketing communications

We may use your Personal Data to provide you with email notifications and other communications by email, on the basis that it is in our legitimate interests to use your Personal Data for these purposes in developing our services and growing our business. For further information on this, see the 'Your Choices' section of this Privacy Notice.

Combining Personal Data

We may combine the Personal Data that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Data to allow us to provide better support services and more personalised content (such as marketing).        

Change of purpose

Where we need to use your Personal Data for another reason other than for the purpose for which we collected it, we will only use your Personal Data where that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5.   To whom do we disclose your information?

​We will only use your Personal Data for our internal business purposes, some of which are mentioned above. We may disclose your information to the following entities:

  • Our Parent Company – Lubbock Fine

We may need to transfer your Personal Data to Lubbock Fine LLP (“Lubbock Fine”), our Parent Company, to provide the services and/or any assistance you request.  Lubbock Fine are required to follow the privacy practices set forth by the General Data Protection Regulation (“GDPR”).

  • Service Providers

We use third party service providers to help us to administer certain activities and services on our behalf, such as banking services.  We may share Personal Data about you with such third party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use:

Banking services - we use Abu Dhabi Islamic Bank (ADIB) to provide us with banking services

  • Anonymous statistics

We prepare and develop anonymous, aggregate or generic data and statistics for various reasons (such as aggregate usage statistics including "page views" on the website, and analysing how users use our content). As this data is anonymous (i.e. you cannot be identified from it) we do not consider this information to be Personal Data. As such, we may share it with our Parent Company.

  • Third parties when required by law

    We will disclose your Personal Data to comply with applicable law or respond to valid legal process, including from our regulators, law enforcement or other government agencies (in which case such agencies or regulators will be acting as controllers as well); to protect the users of the website (e.g. to prevent spam or attempts to defraud them); to operate and maintain the security of the website (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property.
  • Other parties in connection with corporate transactions

    We may disclose your Personal Data to a third party (or our Parent Company) in the event that all or substantially all of our business or assets are or are intended to be sold or otherwise assigned to another entity.
  • Other parties at your direction

    We may share Personal Data about you with third parties when you request such sharing, such as your legal or other professional advisers.

6.    What do we do to keep your information secure?

​We have put in place appropriate physical and technical measures to safeguard your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. When we use service providers to assist us in processing your Personal Data, we have written contracts in place with such service provider which means that they cannot do anything with your Personal Data unless we have instructed them to do it.

However, please note that although we take appropriate steps to protect your Personal Data, no website or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Data.

International Transfer of Data

The Personal Data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the Dubai International Financial Centre and the UAE, including but not limited to the European Economic Area (“EEA”) or in any other country where Russell Bedford Dubai, our Parent Company or our service providers maintain facilities.

By using the website and/or providing us with your Personal Data, you acknowledge that we will collect, transfer, store and process your information outside the Dubai International Financial Centre. We will take all steps reasonably necessary to ensure that your Personal Data is kept secure and treated in accordance with this Privacy Notice and the requirements of applicable law wherever the data is located.

Where we transfer your Personal Data outside the Dubai International Financial Centre and to third parties, we will ensure that appropriate transfer agreements and mechanisms, such as the DIFC Standard Contractual Clauses, are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Data. We will only transfer your Personal Data outside the Dubai International Financial Centre in accordance with applicable laws or where you have given us your consent to do so.

7.   Data retention - How long we will store/keep your Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We are subject to regulatory requirements to retain your data for specified minimum period of 6 years.

This is the minimum period during which we have a legal obligation to retain your Personal Data. We reserve the right to retain data for longer where it is in our legitimate interests to do so, including for back-up and archival purposes.

When your Personal Data is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.

 In some circumstances you can ask us to delete your Personal Data (see section 8 below).

8.  Accessing your Personal Data and other rights you have 

​Russell Bedford Dubai will collect, store and process your Personal Data in accordance with your rights under any applicable data protection laws. Under certain circumstances, you have the following rights in relation to your Personal Data:

• Subject Access - you have the right to request details of the Personal Data which we hold about you and copies of such Personal Data.
• Right to Withdraw Consent – where you have consented to our processing of your Personal Data, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in section 1.
• Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Data directly to another organisation.
• Rectification – we want to ensure that the Personal Data about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Data about you.
• Erasure ('right to be forgotten') - you have the right to have your Personal Data 'erased' in certain specified situations.
• Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Data.
• Object to processing – You have the right to object to specific types of processing of your Personal Data, such as, where we are processing your Personal Data for the purposes of direct marketing.
• Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decision being taken solely on the basis of automated processing.

Enforcing your rights

If you wish to enforce any of your rights under applicable data protection laws, then please see section 1. We will respond to your request without undue delay and by no later than one month from receipt of any such request, unless a longer period is permitted by applicable data protection laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable data protection laws.


If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the Office of the Commissioner of Data Protection which is the data protection regulator in the Dubai International Financial Centre which is where Russell Bedford Dubai is located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.

9.  Third party links

Our website may contain links to other third party websites that are not operated by Russell Bedford Dubai. These linked sites and applications are not under Russell Bedford Dubai's control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third party websites, any Personal Data collected by the third party’s website will be controlled by the Privacy Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Data.


10.  Cookies

What are cookies?

We may use cookies on our website. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. Cookies are assigned to and stored in a user's internet browser on a temporary (for the duration of the online session only) or persistent basis (cookie stays on the computer after the internet browser or device has been closed). Cookies collect and store information about a user’s preferences, product usage and content viewed which allows for us to provide users with an enhanced and customized experience when engaging with the website. 

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

11.    Your choices (e.g. marketing related emails or otherwise)

When you request information on or from the website, or otherwise communicate with us, we and our Parent Company may use your Personal Data (such as your contact details (e.g. name, address, email address, telephone number)) to send you marketing-related correspondence by email related to our products. When we process your Personal Data for marketing purposes, we do so on the basis that we have obtained your consent to use your Personal Data for these purposes, or on the basis that we are permitted to do so as it is in our legitimate interests, namely the promotion of our business.

We may also use your Personal Data to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.

We do not share your Personal Data for marketing purposes with companies outside Russell Bedford Dubai and our Parent Company.

To opt out of receiving marketing-related correspondence from Russell Bedford Dubai, please click "Unsubscribe" from any marketing or promotional email you receive from us.

12.  Changes to this Privacy Notice​

It also is important that you check back often for updates to the Privacy Notice, as we may change this Privacy Notice from time to time. The “Date last updated” legend at the bottom of this page states when the notice was last updated and any changes will become effective upon our posting of the revised Privacy Notice.

We will provide notice to you if these changes are material and, where required by applicable law, we will seek your consent. We will provide this notice by email or by posting notice of the changes on our website.

Date last updated 24 November 2020.