Arxsetup.
Request a proposal

Privacy Notice

Effective 18 May 2026. This Privacy Notice describes how Neo International Consultancy FZ-LLC, trading as ArxSetup ("ArxSetup", "we", "us", "our"), collects, uses, stores, shares and protects personal data when you visit our website, submit an enquiry, engage our services or correspond with us.

1. Who we are and how to contact us

The data controller is Neo International Consultancy FZ-LLC, a free zone limited liability company incorporated in the Emirate of Dubai under Dubai Development Authority (DDA) commercial licence number 107229, with its registered office at Unit L1-206, Floor 02, Loft Offices 1, Dubai Media City, Dubai, United Arab Emirates. We trade as ArxSetup at arxsetup.ae.

For all privacy-related matters please contact our Data Protection Officer at privacy@arxsetup.ae.

2. The personal data we collect

We collect the following categories of personal data:

  • Identification data — full name, date of birth, nationality, gender, passport number and copy, national-ID copy where applicable, photograph.
  • Contact data — postal address, residential address, email address, telephone number.
  • Professional data — employer, role, professional history, professional qualifications, source of wealth, source of funds.
  • Financial data — bank details (for invoicing and refund purposes), tax-residence information, financial-statement information for the entities we administer for you.
  • Regulatory data — Politically Exposed Person status, sanctions-screening results, beneficial-ownership particulars required by registries and tax authorities.
  • Engagement data — correspondence with us, instructions you provide, documents you upload, recordings of telephone or video meetings (where lawful and on notice).
  • Website data — IP address, browser type, device information, pages visited, referrer, in each case as captured in our server logs for security and abuse-prevention purposes. We do not deploy third-party analytics or advertising cookies on this site; see our Cookies Policy.

3. How we collect personal data

We collect personal data: directly from you (enquiry form, email, telephone, document uploads); from companies, agents or representatives instructing us on your behalf; from public records and registries (corporate registries, sanctions lists, PEP databases); and from third-party identity-verification providers used in our KYC processes.

4. Why we process personal data and the legal bases

We process personal data for the following purposes, on the following legal bases under UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — "PDPL") and, where applicable, the EU General Data Protection Regulation ("GDPR"):

PurposeLegal basis (PDPL / GDPR)
Responding to your enquiry and providing a written quoteSteps prior to contract at your request
Providing the Services under our Engagement LetterPerformance of a contract
Customer due diligence, sanctions screening, ongoing AML monitoringLegal obligation (UAE Federal Decree-Law No. 20 of 2018)
Maintaining accounting and tax recordsLegal obligation (UAE Corporate Tax Law, UAE VAT Law)
Reporting suspicious activity to the UAE Financial Intelligence UnitLegal obligation
Establishing, exercising or defending legal claimsLegitimate interest
Securing our website and preventing abuseLegitimate interest
Direct marketing of related services to existing clientsLegitimate interest, with opt-out

5. Sharing personal data

We share personal data only as necessary to deliver the Services or meet legal obligations:

  • Regulators and registries — IFZA, DMCC, Meydan, JAFZA, ADGM, DIFC, Dubai DED, Abu Dhabi DED, BVI FSC, CIMA (Cayman), Registro Público de Panamá, ACRA (Singapore), ASIC (Australia), Companies Registry (Hong Kong), Liechtenstein Office of Justice, Marshall Islands Registry, UAE Federal Tax Authority, UAE Ministry of Economy.
  • Affiliated Firms and licensed third-party providers — Neo Legal (UAE), Cornwalls (Australia), FTA-registered tax-agent partners, registered agents in offshore jurisdictions, audit firms, and corporate-service providers where required to deliver elements of the Services we cannot perform under our own DDA licence.
  • Partner banks — where you have instructed us to arrange a banking introduction, including Emirates NBD, ADCB, FAB, Mashreq Neo Biz, Wio, RAKBANK, DBS, OCBC, NAB, ANZ, Wise Business, Revolut Business and Airwallex.
  • Professional advisers — our own lawyers, accountants, auditors and insurers, each subject to equivalent obligations of confidentiality.
  • Government authorities — including the UAE Financial Intelligence Unit (via goAML) where we form a suspicion under the AML/CFT regime, and other authorities where required by law or regulator order.
  • IT and service providers — our document-management, email, video-meeting and identity-verification providers, each engaged under data-processing agreements.

We do not sell personal data. We do not share personal data with third parties for marketing purposes.

6. International transfers

Some service providers (registered agents in BVI, Cayman, Panama, Marshall Islands and elsewhere; software providers in the EU and US) are located outside the United Arab Emirates. Where personal data is transferred outside the UAE, we ensure an appropriate transfer mechanism is in place:

  • Adequacy — transfers to jurisdictions recognised by the UAE Data Office as providing an adequate level of protection;
  • Standard Contractual Clauses — transfers to other jurisdictions are made under PDPL-compliant standard contractual clauses (or, where applicable, EU Commission SCCs);
  • Necessity — transfers necessary for the conclusion or performance of a contract concluded in your interest under PDPL Article 22.

7. Retention

We retain personal data only for as long as necessary for the purposes described above. Specifically:

  • Engagement files (correspondence, advice, deliverables): for the duration of the engagement plus seven (7) years.
  • AML/KYC records: for at least five (5) years from the end of the business relationship (UAE Federal Decree-Law No. 20 of 2018).
  • Accounting and tax records: for seven (7) years from the end of the relevant tax period (UAE Federal Decree-Law No. 47 of 2022).
  • Enquiries that did not result in engagement: for thirty (30) days from last contact, then deleted unless you elect to proceed.
  • Server logs: ninety (90) days, then deleted.

After the relevant retention period has elapsed, we will delete or anonymise records.

8. Security

Personal data is stored in environments aligned with SOC 2 Type II controls, hosted in the European Union and the United Arab Emirates. Documents are encrypted at rest and in transit. Access is restricted to authorised personnel on a need-to-know basis, each subject to written confidentiality obligations. We do not transmit Client documents in plain email; document exchange uses encrypted portals. Multi-factor authentication applies across all internal systems.

9. Your rights

Subject to UAE PDPL and applicable law, you have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data, subject to our regulatory retention obligations;
  • request restriction of processing;
  • request portability of personal data you provided;
  • object to processing carried out on the basis of legitimate interests;
  • withdraw consent where processing is based on consent (without affecting the lawfulness of earlier processing);
  • lodge a complaint with the UAE Data Office or, where applicable, your local data-protection authority.

To exercise any of these rights please email privacy@arxsetup.ae. We respond to verified requests within thirty (30) days. We may need additional information to verify your identity before acting on a request.

10. Children

Our services are not directed at, and we do not knowingly collect personal data from, individuals under eighteen (18). If you become aware that a child has provided personal data to us, please contact us.

11. Automated decision-making

We do not make decisions about you based solely on automated processing in a way that produces legal or similarly significant effects. KYC sanctions and PEP screening uses automated tools but adverse outcomes are always reviewed by a human compliance officer before action is taken.

12. Cookies

Our website uses only strictly necessary cookies. See our Cookies Policy.

13. Complaints

If you have a concern about how we process your personal data, please contact us first at privacy@arxsetup.ae. If your concern is not resolved, you have the right to lodge a complaint with the UAE Data Office (under the UAE PDPL) or with your local data-protection authority.

14. Changes to this Notice

We may update this Privacy Notice from time to time to reflect changes in law, regulator guidance or our practices. The current version is always available at this URL. Material changes will be flagged on our home page for at least thirty (30) days. You may request previous versions by emailing the address above.

Issued by Neo International Consultancy FZ-LLC, DDA licence 107229, Unit L1-206, Floor 02, Loft Offices 1, Dubai Media City, Dubai, UAE. Last updated 18 May 2026. The English version of this Privacy Notice prevails over any translation provided for convenience.