Privacy Policy
How PalladiumIP Consultants collects, uses, and protects your personal data — in compliance with UAE and EU law.
Who We Are
PalladiumIP Consultants Ltd ("PalladiumIP", "we", "us", or "our") is a dual-incorporated intellectual property consulting firm registered in the United Arab Emirates (Dubai) and the Republic of Rwanda. We provide IP services including trademark registration and prosecution, patent filing and advisory, industrial design registration, IP portfolio management, IP training programmes, and UAE company formation services.
For the purposes of applicable data protection legislation, PalladiumIP Consultants Ltd acts as the Data Controller in respect of all personal data collected through this website and in connection with the provision of our professional services.
Data Controller: PalladiumIP Consultants Ltd · Dubai, UAE & Kigali, Rwanda
Email: info@palladium-ip.com · Tel: +971 50 895 8365
Scope & Applicable Law
This Privacy Policy governs the collection, processing, storage, and transfer of personal data by PalladiumIP in connection with use of www.palladium-ip.com, engagement of our professional services, training programmes, and all other communications with us. It is designed to comply with the following frameworks:
| Jurisdiction | Applicable Law | Supervisory Authority |
|---|---|---|
| United Arab Emirates | Federal Decree-Law No. 45/2021 on Personal Data Protection (UAE PDPL) & Executive Regulations | UAE Data Office (TDRA) |
| European Union / EEA | Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR) | Competent EU Member State supervisory authority |
| United Kingdom | UK GDPR & Data Protection Act 2018 | Information Commissioner's Office (ICO) |
| Republic of Rwanda | Law No. 058/2021 on the Protection of Personal Data and Privacy | Rwanda Utilities Regulatory Authority (RURA) |
Where there is a conflict between applicable laws across jurisdictions, PalladiumIP will apply the standard most protective of the individual's rights.
Personal Data We Collect
3.1 Data You Provide Directly
- Contact form submissions — name, email, telephone, company, job title, message content
- Training course registration — name, email, telephone, company, job title, delegate count, payment information
- Professional service engagements — identification documents, contact details, power of attorney, IP asset particulars
- Newsletter subscriptions — name and email address
- Direct correspondence via email, telephone, or other channels
3.2 Data Collected Automatically
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, time on page, and navigation paths
- Referral source and device identifiers
- Cookies and similar tracking technologies (see Section 10)
3.3 Data from Third Parties
- Business referrals and professional networks
- Publicly available sources — company registries, IP office databases (MOIAT, ARIPO, WIPO), professional directories
- International associate network, in connection with cross-border IP filings
Special Category Data: We do not intentionally collect sensitive personal data as defined under applicable data protection laws. Please do not submit such information through our website or contact forms.
How We Use Your Personal Data
| Purpose | Examples |
|---|---|
| Providing professional services | Processing IP filings, preparing legal documentation, managing your IP portfolio, communicating on matter progress |
| Client relationship management | Maintaining client records, responding to enquiries, sending engagement documentation and invoices |
| Training administration | Course registration, issuing KHDA-approved certificates of completion, scheduling and logistics |
| Marketing & communications | Sending our IP Insights newsletter, event invitations, and service updates — only where you have consented or we have a legitimate interest |
| Website improvement | Analysing usage patterns to improve site performance, content, and user experience |
| Legal & compliance | Complying with UAE AML requirements, professional regulatory obligations, and court orders |
| Security | Protecting our systems and data from fraud, unauthorised access, and cyberattacks |
Legal Basis for Processing (GDPR)
For individuals whose data is processed subject to the GDPR or UK GDPR, we rely on the following legal bases under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)): Processing necessary to perform IP services you have engaged us to deliver, or to take steps at your request prior to entering a contract
- Legitimate interests (Art. 6(1)(f)): Business development, website analytics, fraud prevention, and network security — where not overridden by your rights
- Legal obligation (Art. 6(1)(c)): Processing required to comply with UAE, EU, or other applicable legal obligations
- Consent (Art. 6(1)(a)): For marketing communications — withdraw at any time by emailing info@palladium-ip.com
Under the UAE PDPL, we process personal data on the basis of contractual necessity, consent, legitimate interest, and legal compliance, in accordance with Article 4 of Federal Decree-Law No. 45/2021.
Sharing Your Personal Data
PalladiumIP does not sell, rent, or trade personal data. We may share data in the following circumstances:
Associate Attorneys & Filing Agents
For cross-border IP services, we share relevant client data with international associate attorneys and IP filing agents in relevant jurisdictions (ARIPO member states, OAPI, Zimbabwe, UK, GCC countries). All associates are bound by professional confidentiality obligations.
Service Providers
Third-party processors including: Lawcus (practice management), cloud storage, email service providers, accounting systems, and web hosting. All are bound by data processing agreements prohibiting use of data for their own purposes.
Regulatory & Professional Bodies
IP offices (MOIAT UAE, ARIPO, WIPO, OAPI, ZIPO), regulatory authorities, law enforcement agencies, or courts where required by law or court order.
Business Transfers
In the event of a merger, acquisition, or sale of our business, personal data may be transferred to the acquiring entity subject to equivalent data protection commitments.
International Data Transfers
PalladiumIP operates across UAE, GCC, Africa, UK, and Europe. Personal data may be transferred to countries outside your country of residence. For transfers from the EEA or UK to third countries, we rely on:
- Adequacy decisions by the European Commission or UK Government, where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO
- Binding Corporate Rules or other approved transfer mechanisms
- Your explicit consent to the transfer, having been informed of associated risks
For transfers under the UAE PDPL, we comply with cross-border transfer provisions of Federal Decree-Law No. 45/2021 and its Executive Regulations, ensuring adequate protection is in place for all outbound data transfers.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, in compliance with applicable legal and professional retention obligations:
| Category of Data | Retention Period | Basis |
|---|---|---|
| Client matter files & IP prosecution records | 10 years after matter closure | Professional regulatory obligations; UAE limitation periods |
| Invoices & financial records | 5 years | UAE Commercial Companies Law; UAE VAT regulations |
| Training registration & certificates | 5 years | KHDA compliance; contractual records |
| Website enquiry & contact form data | 2 years | Legitimate interest |
| Marketing consent & communications | Until withdrawal of consent or 3 years from last interaction | Consent-based processing |
| Website analytics (anonymised) | 26 months | Legitimate interest |
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with our data disposal procedures.
Your Rights
Subject to applicable law, you may have the following rights in respect of your personal data. We will respond to all valid requests within 30 days.
Access
Obtain confirmation of whether we hold your data and receive a copy of it.
Rectification
Request correction of inaccurate or incomplete personal data we hold.
Erasure
Request deletion of data where we no longer have a lawful basis to retain it.
Restriction
Request we restrict processing of your data in certain circumstances. (GDPR)
Portability
Receive your data in a structured, machine-readable format. (GDPR)
Object
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time without affecting prior lawful processing.
Complain
Lodge a complaint with the UAE Data Office or your local EU/UK authority.
To exercise any of these rights, email info@palladium-ip.com with the subject line "Data Subject Request". We may require identity verification before fulfilling the request.
Cookies & Tracking Technologies
| Category | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary | Essential for website function — session management, security, form submission | No — cannot be disabled |
| Performance / Analytics | Google Analytics — anonymous usage statistics to improve performance | Yes |
| Functional | Remembering user preferences (language, region) | Yes |
| Marketing | Tracking for remarketing and social media integration | Yes |
You may manage cookie preferences through your browser settings or our cookie consent banner. Withdrawing consent to non-essential cookies will not affect core website functionality.
Data Security
PalladiumIP implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction:
- SSL/TLS encryption for all data transmitted through our website
- Access controls and authentication requirements for internal systems
- Secure cloud infrastructure with data-at-rest encryption
- Regular security assessments and staff data protection training
- Confidentiality obligations in all staff and consultant contracts
- Incident response procedures compliant with UAE PDPL notification requirements
In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and communicate to affected individuals where required by law.
Children's Privacy
Our website and services are directed to business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data about a minor, please contact us immediately at info@palladium-ip.com and we will take prompt steps to delete it.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our data practices, applicable law, or new services. Where material changes are made, we will notify you by email (where you are a registered client or subscriber) and by posting a prominent notice on our website. The "Last Updated" date at the top of this Policy indicates when the most recent changes were made.
Contact & Complaints
For all data protection enquiries, subject access requests, or complaints:
PalladiumIP Consultants Ltd — Data Protection Contact
Email: info@palladium-ip.com · Subject: "Data Protection Enquiry" or "Data Subject Request"
Tel: +971 50 895 8365 · Address: Dubai, United Arab Emirates
If located in the EU or UK and not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence. In the UAE, complaints may be directed to the UAE Data Office at www.tdra.gov.ae.
Ready to Protect Your Innovation?
Speak with a specialist today. Your IP, our commitment.