eCloud Global

  • C1 - 1F - SF11206 , Ajman Free Zone , United Arab Emirates
  • info@ecloudglobal.ae
  • +44 020 3576 1233
  • +971 52 383 0153
ecloud global Main logo
Book A Meeting

Privacy Policy

This Privacy Policy explains how eCloud Global (license no. 4442612247), a professional services firm headquartered in Ajman Free Zone, United Arab Emirates (“we,” “us,” or “our”), collects, uses, discloses, and protects personal information. We provide global business services – including company setup (Mainland, Free Zone, Offshore, E-commerce, Consultancy), business banking assistance, VAT registration, accounting & bookkeeping, cloud accounting software migration (Xero, Zoho Books, QuickBooks Online, Wafeq), and tax & cross-border advisory – and are committed to safeguarding the privacy of individuals who visit our website or use our services. This Policy is designed for a global audience and aligns with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law) and relevant international standards.

By submitting information through our website or otherwise providing personal data to us, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use our website or services. We may update this Privacy Policy from time to time, and any changes will be posted on this page with an updated effective date. We encourage you to review this Policy periodically.

Personal Data We Collect

Information You Provide: We collect personal data that you voluntarily provide via our website forms (for example, when you contact us, request a service, or submit an inquiry). This includes: name, contact details (such as email address and phone number), company information (e.g., company name, industry, or registration details you supply), and information about your accounting or tax needs. For instance, our forms may ask you to specify the relevant financial period or the accounting software platforms you use or require assistance with. You may also provide a brief description of your inquiry or any additional details in free-text fields. Please note that our website forms do not require or support document uploads; we do not intend to collect sensitive personal documents (such as passports, IDs, or financial statements) through the site. We ask that you do not include confidential personal identifiers or attachments in the form submissions. If additional documentation is needed (for example, if you engage us for company formation or tax services), we will arrange secure methods to collect that information outside the website platform.

Information Collected Automatically: When you visit our website, we do not use the site to collect extensive personal data beyond what you submit in forms. We do not use invasive tracking technologies. However, like most websites, basic technical information may be automatically logged by our web server or analytics providers (such as IP address, browser type, and cookies that enable site functionality). Any such usage data is generally used only to maintain and improve our website and is not used to identify you personally. (See our Cookie Policy if applicable, for more details on any cookies or site tracking).

No Collection of Minors’ Data: Our services and website are not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a minor, please do not submit any personal information to us. If we learn that we have inadvertently collected personal data from a minor, we will delete it.

How We Use Your Personal Data

We use the personal data we collect only for legitimate business purposes and in accordance with applicable law. The purposes for which we process your information include:

  • Providing and Improving Services: We use your information to respond to your inquiries and requests, and to carry out the services you requested. For example, if you contact us about setting up a company or migrating your accounting software, we will use your provided details to advise you, prepare proposals, and facilitate the service. If you become a client, we will use your data to perform our contractual obligations, such as preparing incorporation documents, registering for VAT, bookkeeping, or providing tax advisory services. We may also use information to personalize or improve our services, such as remembering your preferences or tailoring our advice to your business needs.
  • Communication: We will use your contact details (email address and/or phone number) to communicate with you regarding your inquiry, service updates, and customer support. This includes sending you information you specifically request (for example, details about a free zone package or a quote for our services) as well as communications necessary for customer service and account administration.
  • Marketing and Newsletters: With your consent or as otherwise permitted by law, we may use your contact information to send you marketing communications about our services, industry updates, or events that might interest you. For example, if you fill out a form on our site, we may add you to our mailing list to receive occasional newsletters or offers related to business setup, accounting, or tax advisory. You can opt out of marketing emails at any time (see the “Your Rights and Choices” section below). We do not engage in spam – we will only send promotional content if you have an existing relationship with us or have expressed interest in our services, and we will honor any request to stop such communications.
  • Use of Zoho CRM (Contact and Engagement Tracking): We use Zoho CRM, a customer relationship management platform, to manage the information you provide and to track our engagements with you. This means that when you submit a form or otherwise contact us, your name, contact details, and inquiry details are stored in our Zoho CRM system. We utilize Zoho CRM to keep a record of communications and to monitor engagement – for instance, if we send you an email, our CRM may log whether you opened the email or clicked on links. This helps us measure interest in our services, ensure we follow up appropriately, and improve our outreach. Zoho CRM may also enable us to schedule reminders or tasks so we can provide timely service (such as following up on a consultation request). Zoho CRM acts as a data processor on our behalf: it stores your data on its secure servers and only uses your information under our instructions and for our purposes as described in this Policy. We have taken steps to ensure that Zoho, as a third-party service provider, is contractually bound to protect your data with strict confidentiality and security measures.
  • Business Operations and Legal Compliance: We may process personal data as needed for our internal business operations and to comply with our legal obligations. This includes maintaining proper business records, accounting, and financial reporting. For example, if we issue an invoice or enter into a contract with you, we will use and retain necessary personal information for bookkeeping and auditing in compliance with UAE accounting and tax laws. We may also use personal data to exercise or defend legal claims, to comply with lawful requests by public authorities, or to meet mandatory government reporting and compliance requirements (such as anti-money laundering checks or economic substance regulations, when applicable to certain services). Additionally, we may use data to enforce our website’s Terms and Conditions, to prevent fraud, and to ensure the security of our operations (for instance, we might use information to investigate suspicious activity or to screen for cybersecurity threats).

We will not use your personal data for any purpose that is incompatible with the original reasons for which it was collected, unless we obtain your consent or are required/permitted by law to do so. If we intend to process your data for a new purpose, we will provide you with information about that purpose and seek your consent when necessary.

Legal Basis for Processing Personal Data

We only process personal data when we have a valid legal basis to do so. Given that we serve a global audience, our processing of your information will comply with the data protection laws that apply to us, including UAE law and (for relevant activities) principles of international regulations like the EU General Data Protection Regulation (GDPR). The legal bases we rely on include:

  • Consent: In many cases, we rely on your consent to collect and use your personal data. By voluntarily submitting your information through our website forms or otherwise contacting us, you consent to our processing of that information for the purposes described in this Policy. For instance, we will ask for your consent to send you marketing emails. You have the right to withdraw your consent at any time (for example, you can unsubscribe from our marketing communications). Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
  • Performance of a Contract or Pre-Contractual Steps: When you request our services or become our client, we process your personal data as necessary to perform a contract with you or to take steps at your request before entering into a contract. For example, if you ask us to help register a company or handle bookkeeping, we will use your data to carry out those services and fulfill our contractual obligations to you. Similarly, if you inquire about our services, processing your data to provide a quote or answer your questions may be considered a pre-contractual necessity.
  • Legitimate Interests: We may process your data where it is necessary for our legitimate business interests, provided those interests are not overridden by your data protection rights. Our legitimate interests include communicating with prospective and current clients, delivering and improving our services, and promoting our business. For example, it is in our legitimate interest to use a CRM system (Zoho) to efficiently manage customer relationships, or to analyze which services or website content are of most interest to users so we can improve our offerings. We may also rely on legitimate interests for certain marketing to existing customers (consistent with applicable law), for preventing fraud, and for ensuring the security of our website and IT systems. When we rely on this basis, we ensure that we consider and respect your potential privacy impact and rights.
  • Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation to which we are subject. For example, UAE laws may require us to retain certain transaction records for a minimum period, or to report certain information to regulators or government authorities (such as tax filings or anti-money laundering verifications). We will process and retain the necessary personal data to satisfy these obligations.

These legal bases apply cumulatively or alternatively, depending on the context of processing. If applicable law provides for other legal grounds (such as vital interests or public interest tasks), we may rely on those in exceptional circumstances (for instance, to protect someone’s life, health, or safety in an emergency). We will always ensure that we have a lawful basis to process your personal data and will inform you of that basis when required by law.

Sharing and Disclosure of Information

We treat your personal information with care and confidentiality. We do not sell or rent your personal data to third parties. However, in the course of running our business and providing our services, we may share your information with certain third parties under strict conditions, as described below:

  • Service Providers and Processors: We use trusted third-party service providers to support our operations and services. These providers process personal data on our behalf and are bound by contractual obligations to keep your information confidential and secure, and to use it only for the purposes we specify. Key service providers include: Zoho Corporation (provider of Zoho CRM, which stores and manages our contact database and communications as detailed above) and possibly other cloud or IT service vendors (for example, secure email hosting, data storage or backup services, web analytics, or our website hosting provider). If we utilize any additional software or cloud platforms (such as accounting software or project management tools) that process your data, we ensure that those processors also adhere to high data protection standards. We only share the minimum information necessary for these vendors to perform their functions, and we maintain Data Processing Agreements with them as required by law.
  • Business Partners and Institutions (When Providing Services): If you engage us for certain services, we might need to share relevant personal data with third parties as part of delivering those services. For example:
    • When we assist with company setup or incorporation, we may need to provide your details to government authorities, free zone registrars, notary publics, or local agents in the relevant jurisdiction to process the company registration.
    • For business banking assistance, with your authorization, we will share necessary information with banking institutions to facilitate account opening or other banking services.
    • In the context of VAT registration or tax advisory, we might interact with the Federal Tax Authority or other regulatory bodies and may need to submit personal and company data as part of official filings or compliance processes.
    • When we perform cloud accounting software migration, we will handle data within the platforms in question (e.g., Xero, Zoho Books, QuickBooks, Wafeq) as per your instructions, and that may involve transferring data between systems. We won’t share your accounting data with any unauthorized party, but we may temporarily access or extract it to complete the migration.
    In all such cases, we disclose data only as necessary and only to the appropriate recipients (e.g., authorities, banks, or software systems you use) to carry out the service you have requested. We will also ensure, where feasible, that such third parties have a legal or contractual obligation to protect your data.
  • Legal Requirements and Protection of Rights: We may disclose personal information if we are required to do so by law or legal process, or if we have a good-faith belief that such action is necessary to: (i) comply with a legal obligation, court order, or regulatory request; (ii) enforce our contracts, Terms and Conditions, or other agreements; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of eCloud Global, our clients, our employees, or the public. This could include sharing information with law enforcement or government agencies in response to lawful requests.
  • Corporate Transactions: In the unlikely event that we undergo a business transition such as a merger, acquisition, reorganization, or sale of some or all assets, personal data may be transferred to the successor entity or new owner as part of that transaction. In such cases, we will ensure that your data remains subject to confidentiality and will provide notice before any personal data is transferred and becomes subject to a different privacy policy.

Aside from the situations listed above, we will not share your personal information with third parties unless we have your explicit consent to do so. We strive to be transparent about any third-party involvement with your personal data. If you have questions about the third parties that may have access to your data, you can contact us at any time for more information.

International Data Transfers

Global Operations: As a globally oriented firm, we may transfer or access your personal data internationally in order to serve you. Our headquarters is in the United Arab Emirates (UAE), so if you are contacting us from outside the UAE, your personal data will be transferred to and processed in the UAE. Additionally, some of the third-party service providers we use (such as Zoho CRM, which is a cloud-based platform) may store or process data on servers located outside of the UAE (for example, in the United States, the European Union, or India, depending on the data center). This means the personal information you provide through our website could be transferred to, stored, or processed in a country different from your home country or the country where the data was originally collected.

Data Protection Safeguards: When we transfer personal data outside of the UAE or your country of residence, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law. These measures may include:

  • Transferring to countries that have been officially designated as providing an adequate level of data protection under UAE law or other relevant regulations.
  • Implementing standard contractual clauses or data protection agreements with the receiving party, which legally oblige them to protect your data to the high standards required by UAE, EU, or other applicable data protection laws.
  • Relying on your consent or another legal transfer mechanism permitted by relevant data protection laws, especially in the absence of an adequacy decision or contractual safeguards. For instance, if none of the standard safeguards are available, we will transfer data only with your informed consent or as necessary for the performance of our contract with you.

We understand the importance of data security and privacy wherever your data is processed. All our service providers, regardless of location, are chosen carefully with consideration of their security practices and privacy commitment. Zoho, for example, maintains robust privacy and security certifications (such as ISO 27001) and we have ensured through our agreement that it will protect the data it processes on our behalf.

Your Acknowledgment: By interacting with our website or engaging our services, you acknowledge that your personal data may be transferred to and stored in servers located in countries outside of your own. Nonetheless, we will always handle your data in line with this Policy. If you have questions about cross-border data transfer or need further information about international safeguards, please contact us using the details below.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • If you submit an inquiry or request via our website but do not ultimately engage our services, we will retain the information you provided for a reasonable period of time. This allows us to follow up on your inquiry and maintain a record of our communications. For example, we may keep inquiry data for up to one year (or a duration that is reasonable in our business context) in case you decide to proceed at a later date or have additional questions. We will also retain it to avoid redundant communications and to improve our responses to future inquiries. If you prefer that we delete your information sooner, you have the right to request deletion (see “Your Rights and Choices” below), and we will honor such requests provided we have no ongoing legal or contractual need to keep the data.
  • If you become a client of eCloud Global or enter into a contract with us, we will retain your personal data for the duration of our business relationship and thereafter as long as necessary to fulfill our legal and contractual obligations. For instance, during an ongoing accounting or consultancy engagement, we need to keep your information to perform the services. After the completion of our services or termination of our contract, we typically retain relevant data for a defined retention period. This period may be influenced by laws that mandate record-keeping – for example, UAE commercial, financial, and tax regulations may require us to keep certain records for a number of years (commonly 5 years or more) for auditing or inspection purposes. We may also retain information for a period after our engagement ends in order to address any post-service inquiries, to enforce our agreements, or to have sufficient records in case of any legal proceedings.
  • In determining the appropriate retention periods, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process it and whether we can achieve those purposes through other means; and applicable legal requirements. When the retention period expires or if the data is no longer needed, we will securely delete, anonymize, or destroy the personal data. For example, we regularly review the inquiries in our CRM system and delete or anonymize entries that are no longer needed for business or legal reasons.
  • There may be instances where we retain data longer than usual if required by law or if it is necessary for us to establish, exercise, or defend our legal rights. For example, if we are involved in a dispute or investigation, we may preserve relevant information until the matter is resolved. Rest assured, any extended retention will still be governed by this Privacy Policy and applicable confidentiality safeguards.

In summary, we do not keep personal data indefinitely. We strive to ensure that we retain data for no longer than necessary and comply with all applicable retention and destruction requirements. If you have specific questions about how long a particular type of data will be retained, you can contact us for more detail.

Your Rights and Choices

We respect your rights to control your personal data. Depending on the laws that apply to your situation (for example, UAE data protection law, GDPR for EU residents, or other applicable privacy regulations), you may have some or all of the following rights regarding the personal data we hold about you:

  • Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of that personal data along with information about how we use and share it. We will provide you with the relevant data in a structured, common format, and can also directly provide it to a third party of your choice (this is often known as data portability), where technically feasible and required by law.
  • Right to Rectification: If any of your personal information that we have is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your information with us current, and we will make corrections promptly upon your request.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data under certain circumstances. If the data we hold about you is no longer necessary for the purposes for which it was collected, or if you withdraw consent (in cases where consent is the legal basis) and we have no other legal grounds for processing, or if you object to processing and we have no overriding legitimate grounds, you may request erasure. We will assess such requests in light of legal requirements – for example, if we are obligated by law to keep certain records (such as financial transactions), we may not be able to delete those until the retention period expires, but we will inform you of any such constraints.
  • Right to Restrict Processing: You have the right to ask us to suspend or restrict the processing of your personal data in certain scenarios – for instance, if you contest the accuracy of the data or have objected to processing (pending our review of whether we have legitimate grounds that override your interests). While processing is restricted, we will still store your data but not use it for the interim.
  • Right to Object: You have the right to object to our processing of your personal data when that processing is based on our legitimate interests or on public interest grounds. If you object, we will consider whether our legitimate grounds for processing override your rights and freedoms, and if not, we will cease the processing in question. Importantly, you have an unconditional right to object to the processing of your personal data for direct marketing purposes. This means you can tell us at any time to stop using your information to send you marketing communications, and we will comply immediately.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. For example, if you consented to receive our newsletter, you can opt out later (each marketing email from us will include an “unsubscribe” link for your convenience, or you can contact us directly to be removed from our mailing list). Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal, and it won’t affect processing under other legal bases, but it will mean that we stop the specific activities that were based on consent.
  • Right to Data Portability: Under certain regulations (like GDPR), you may have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible. This primarily applies to data processed by us by automated means on the basis of your consent or for performance of a contract.
  • Right to Lodge a Complaint: We hope to resolve any query or concern you raise about our use of your information. However, if you believe we have infringed your privacy rights or data protection laws, you typically have the right to lodge a complaint with a supervisory authority or data protection regulator. If you are in the UAE, you can contact the UAE Data Office or other relevant authority once they establish a complaint mechanism. If you are in the European Union or another jurisdiction, you can lodge a complaint with the data protection authority in your country of residence or the location where the issue occurred. For example, EU residents can contact their national Data Protection Authority. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider contacting us first.

To exercise any of these rights, please contact us using the contact details provided in the “Contact Us” section below. We may need to verify your identity before fulfilling certain requests, to ensure that your personal data is not disclosed to someone who does not have the right to receive it. We will respond to your request within a reasonable timeframe and in accordance with applicable law (generally within one month, though we may be allowed to extend this period for complex requests). There is no fee for exercising your rights unless the requests are manifestly unfounded or excessive; in such a case, we may charge a reasonable fee or refuse the request.

Your Choices (Opt-Outs): In addition to the formal rights above, you have certain simple, practical choices about your data use:

  • You can choose not to provide certain information on our website (keeping in mind that we may not be able to respond to an inquiry or provide services if required information is missing).
  • You may opt out of marketing emails by clicking the “unsubscribe” link in any email or by contacting us to request removal.
  • If we ever use cookies or similar tracking, you can manage those via your browser settings or our provided cookie management tool (see our Cookie Policy if applicable).
  • You can request that we close your client account or delete your records from our CRM if you no longer want us to retain your contact information (again, subject to any legal retention requirements).

We are committed to enabling you to exercise control over your personal data and will assist you in any way we can. Please note that if you request deletion or restrict our ability to process your data, we may not be able to continue providing certain services to you. We will inform you if such a situation arises so you can make an informed decision.

Data Security

We take data security very seriously and have implemented a variety of technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures are designed to provide a level of security appropriate to the sensitivity of the personal data we process and the risk associated with various processing activities. Our security practices include:

  • Secure Transmission: Our website is encrypted using industry-standard Secure Socket Layer (SSL) technology (HTTPS) to ensure that any data you submit through web forms is transmitted to us securely. This helps prevent eavesdropping or interception of your information during transit.
  • Access Controls: Internally, we restrict access to personal data to those staff and contractors who need to know that information to operate, develop, or deliver our services. All employees of eCloud Global and any third-party processors who handle personal data are subject to confidentiality obligations and are trained on data protection best practices. We enforce administrative access controls so that personal data in our CRM or other systems can only be accessed by authorized personnel with unique user IDs and strong passwords.
  • Technical Safeguards: We employ modern security tools and protocols to protect our IT systems. This includes firewalls, antivirus and anti-malware protection, intrusion detection systems, and, where appropriate, data encryption at rest. For example, data stored in Zoho CRM and other cloud services we use is protected by the security measures of those providers (such as encryption and continuous monitoring), as well as by our own account management and authentication controls.
  • Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out testing and evaluation of our security measures. We also keep our software, hardware, and devices up to date with the latest security patches to mitigate risks of breaches.
  • Data Backups and Recovery: To prevent data loss, we perform periodic backups of critical data. Backup data is stored securely and is subject to the same confidentiality protections. In case of any physical or technical incident, we have procedures in place to restore availability and access to personal data in a timely manner.

Despite our best efforts and robust measures, please be aware that no method of transmission over the internet, and no method of electronic storage, is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. Any transmission of information to us is at your own risk, and it is important for you as well to take precautions (for example, ensure that you use secure networks and protect your own devices from unauthorized access).

In the unfortunate event of a data breach that affects your personal data, we will follow all applicable breach notification laws. This means that if a breach occurs and poses a substantial risk to your rights and freedoms, we will notify the relevant authorities as required (such as the UAE Data Office or other regulators) and inform you without undue delay, as required by law, describing the nature of the breach and the steps we are taking to address it.

Links to Other Websites

Our website may contain links to third-party websites or services (for example, links to partner organizations, governmental portals for business setup, or informational resources). Please note that this Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of external websites. If you click on a link to another site, we encourage you to read the privacy policy of that site, as it may collect personal information about you under its own terms. We do not have control over and assume no responsibility for the content or practices of any linked third-party sites.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the information below. We are here to help and will respond as promptly as possible:

eCloud Global (Ajman Free Zone License No. 4442612247)
Attn: Privacy Officer / Data Protection Manager
Ajman Free Zone, Ajman, United Arab Emirates
Email: info@ecloud.global (for general inquiries)

Note: The email and phone above are provided for privacy inquiries and requests. When you contact us, please include your name and sufficient detail about your request so we can effectively assist you. For security and to prevent unauthorized disclosures, we may need to verify your identity before executing certain requests (such as providing a data copy or deleting data).

Governing Law and Dispute Resolution

This Privacy Policy and any issues or disputes concerning personal data are governed by the laws of the United Arab Emirates. As a company domiciled in the UAE, we are subject to UAE law, including federal data protection regulations and any applicable local laws of the Ajman Free Zone. By engaging with our website or services, you acknowledge that this Policy is subject to UAE law.

In the event of any dispute arising from or related to this Privacy Policy or our handling of your personal data, we will first seek to resolve it amicably through discussion and cooperation with you. If a resolution cannot be reached, the dispute shall be subject to the exclusive jurisdiction of the courts of the United Arab Emirates. (If required or applicable, we may specify Ajman courts or another competent jurisdiction in the UAE for clarity, but in general UAE courts will have jurisdiction.)

Effective Date and Updates

Effective Date of this Policy: August 20, 2025. This Privacy Policy is effective as of the date above and will remain in effect until superseded by an updated version.

We may revise or update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we collect or use personal data, we will update this Policy and change the “Effective Date” accordingly. In case of significant changes, we may also notify you by additional means (for example, by a notice on our website or by email, if appropriate). However, we encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Your continued use of our website or services after any modifications to this Privacy Policy have been posted constitutes your acknowledgement of the updated Policy. If you do not agree to any changes, you should discontinue use of our services and may request us to remove your personal data as per the rights outlined above.