Privacy Policy
Updated
Website: https://zweigadvisory.com
Joint Controllers: This Policy is issued jointly by:
- Zweig Services and Asset Management GmbH
Registered Address: Potsdamer Straße 92, 10785 Berlin, Germany
Primary Jurisdiction: European Union (GDPR) - Zweig Cost Control & Risk Management Services EST.
Registered Address: Westburry Tower 1, Business Bay, Dubai | UAE
Primary Jurisdiction: UAE (PDPL)
(Hereinafter collectively referred to as "Zweig Advisory," "we," "us," or "our").
Central Privacy Contact & Data Subject Rights Hub:
Email: privacy@zweigadvisory.com (Direct all rights requests and general privacy inquiries here)
This Privacy Policy explains how Zweig Advisory, as Joint Controllers, collects, uses, discloses, and safeguards your Personal Data when you visit our website or interact with us. This policy applies where your data processing is governed by the EU General Data Protection Regulation (GDPR) or the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). If you do not agree with this Policy, please refrain from using the site.
This Policy forms part of our Terms of Use and may be supplemented by a Cookie Policy and jurisdiction-specific notices.
1) What We Collect
We collect Personal Data in three primary ways: (i) you provide it, (ii) it's collected automatically, or (iii) from third parties.
A. Data you provide
- Identifiers & Contact: Name, company, role/title, email, phone.
- Inquiry & Business Info: Message content, files you upload, meeting notes, service preferences.
- Recruitment Data (if you apply): CV/resume, cover letter, references, work history.
- Marketing Preferences: Newsletter subscriptions, event registrations.
B. Data collected automatically
- Usage & Device Data: IP address, approximate location (from IP), browser/OS, device type, pages viewed, referring/exit pages, timestamps, clickstream, error logs.
- Cookies & Similar Tech: See Section 7 below.
C. Data from third parties
- Service Providers: (e.g., analytics, security, email delivery).
- Public Sources: (e.g., company registries, professional profiles).
- Referrals/Partners: (if you were introduced to us).
We do not intentionally collect special categories of data (e.g., health, biometrics, religious beliefs) via the website, unless such data is voluntarily provided for a specific legal purpose (such as recruitment within the bounds of local law).
2) Why We Use Personal Data (Purposes & Legal Bases)
We process your Personal Data only when we have a valid legal basis for doing so, in accordance with GDPR Article 6 and PDPL Article 4. The lawful bases we rely on include:
| Purpose of Processing | Lawful Basis (GDPR/PDPL) | Description |
|---|---|---|
| Operate and Secure the Site | Legitimate Interests / Legal Obligation | Diagnostics, fraud/misuse prevention, maintaining security and integrity of systems. |
| Respond to Inquiries | Legitimate Interests / Steps Prior to Contract | Providing information and responding to requests you initiate. |
| Improve Content, UX, and Performance | Legitimate Interests / Consent | Analytics, A/B testing, and audience measurement. Relying on consent for non-essential cookies where required by law. |
| Send Updates and Marketing | Consent / Legitimate Interests (B2B) | Sending newsletters and updates. You have the right to object or opt out at any time. |
| Recruitment/HR | Legitimate Interests / Consent / Legal Obligation | Evaluating candidacy and communicating during the hiring process. |
| Comply with Laws and Enforce Rights | Legal Obligation / Legitimate Interests | Fulfilling KYC/AML requirements, recordkeeping, responding to regulatory inquiries, and enforcing our rights. |
Note on Consent (GDPR and PDPL): Where we rely on Consent, it must satisfy the highest threshold: it must be freely given, specific, informed, and unambiguous. You have the right to withdraw your consent easily at any time, which will not affect the lawfulness of processing carried out before the withdrawal.
3) Sharing & Disclosure
As Joint Controllers, we share Personal Data within Zweig Advisory and with external parties only as necessary for the purposes outlined above:
- Internal Group Transfer: Personal Data is shared between Zweig Services and Asset Management GmbH and Zweig Cost Control & Risk Management Services EST. to provide unified services, subject to the international transfer safeguards detailed in Section 4.
- Service Providers/Processors: (Hosting, cloud, analytics, security, communications, applicant-tracking). These parties are bound by strict confidentiality and data-processing agreements.
- Professional Advisers: (Legal, accounting, insurance).
- Authorities and Regulators: Where required by law, court order, or governmental request (e.g., to the German Supervisory Authority or the UAE Data Office).
- Corporate Transactions: (Merger, acquisition, reorganization), subject to appropriate confidentiality and data protection safeguards.
We do not sell personal information.
4) International Transfers
Due to the nature of Zweig Advisory operating across the EU and the UAE, the processing of your data involves International Transfers to countries that may not offer the same level of data protection as your home jurisdiction.
The transfer of Personal Data from the EU entity (Zweig Services and Asset Management GmbH) to the UAE entity (Zweig Cost Control & Risk Management Services EST.) is considered an international transfer to a third country that currently lacks an EU adequacy decision.
To ensure that your data remains protected when transferred from the EU to the UAE, we utilize the following mandatory safeguard:
Standard Contractual Clauses (SCCs): We have implemented the 2021 European Commission Standard Contractual Clauses (SCCs) as the required appropriate safeguard under the GDPR for transfers to third countries. These clauses are a binding contractual commitment between our EU and UAE entities to uphold GDPR-level data protection standards.
By accepting this Policy, you acknowledge that your Personal Data may be transferred to, and processed in, countries outside your jurisdiction.
5) Retention
We keep your Personal Data only as long as necessary for the purposes outlined in Section 2, and to meet mandatory legal, regulatory, tax, accounting, or reporting requirements (e.g., German commercial law or UAE financial regulations). When data is no longer needed, we delete or anonymize it using commercially reasonable measures.
6) Your Rights
Zweig Advisory is committed to providing a high, harmonized standard of data subject rights, applying the most robust requirements of either the GDPR or the UAE PDPL universally. Depending on your location, you may have the following rights:
Right to Access: To obtain a copy of your Personal Data and be informed about its processing.
Right to Rectification: To correct inaccurate or incomplete Personal Data.
Right to Erasure (Right to be Forgotten): To request the deletion of your data (subject to legal exemptions, such as mandatory legal compliance or defense of claims).
Right to Restriction or Objection: To request the restriction of processing in certain circumstances, or to object to processing based on legitimate interests or for direct marketing purposes. The objection to direct marketing is absolute and unconditional.
Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact our Central Privacy Contact at privacy@zweigadvisory.com.
Zweig Services and Asset Management GmbH is designated as the central contact point for the exercise of all data subject rights. We may verify your identity before responding.
You also have the right to lodge a complaint with a relevant Supervisory Authority (e.g., the German Data Protection Authority or the UAE Data Office).
7) Cookies & Similar Technologies
We use cookies, pixels, and similar technologies to operate the site, remember preferences, and measure performance.
Strictly Necessary Cookies: Are always on and essential for site function.
Analytics/Marketing Cookies: Are optional and used only with your consent (where required).
You can manage preferences via our Cookie Banner/Settings and through your browser. Blocking some cookies may impact site functionality.
8) Security
We implement appropriate technical and organizational measures (TOMs) designed to ensure a level of security appropriate to the risk of processing, taking into account the state of the art and the costs of implementation. These safeguards include, but are not limited to, TLS encryption in transit, strict access controls, and logging. No system is 100% secure. If you suspect a security issue, contact security@zweigadvisory.com. In the event of a data breach, we will notify the relevant supervisory authorities and affected data subjects without undue delay, in accordance with applicable laws.
9) Children
Our site is not directed to children, and we do not knowingly collect Personal Data from individuals under 16. If you believe a child has provided data, contact us to delete it.
10) Third-Party Sites
Our site may link to third-party websites or services. We are not responsible for their content, security, or privacy practices. Review their policies before using them.
11) Changes to this Policy
We may update this Policy from time to time. Material changes will be signposted on this page and, where appropriate, via on-site notice. The “Last updated” date reflects the latest version. Continued use after changes means you accept the updated Policy.
12) Contact Us
| Function | Entity | Address / Contact |
|---|---|---|
| Privacy / General Inquiries | Zweig Services and Asset Management GmbH (Central Contact) | privacy@zweigadvisory.com |
| EU Entity Address | Zweig Services and Asset Management GmbH | Potsdamer Straße 92, 10785 Berlin, Germany |
| UAE Entity Address | Zweig Cost Control & Risk Management Services EST. | Westburry Tower 1, Business Bay, Dubai |
Jurisdiction-Specific Addenda
A) EU/UK GDPR Addendum
This addendum applies to the processing of Personal Data of individuals in the European Economic Area (EEA) and the United Kingdom (UK).
Joint Controllership: Both entities are Joint Controllers, with Zweig Services and Asset Management GmbH responsible for maintaining the centralized Record of Processing Activities and managing all Data Subject Rights Requests centrally.
Legal Bases: Processing is governed by the legal bases listed in Section 2, specifically Articles 6 and 9 of the GDPR.
Representative (GDPR Article 27): Zweig Services and Asset Management GmbH is formally designated to serve as the Article 27 Representative for Zweig Cost Control & Risk Management Services EST. (UAE entity), to be addressed by supervisory authorities and data subjects on all issues related to the UAE entity's EU-facing processing activities.
International Transfers: Transfers outside the EEA (specifically to the UAE) are protected by the Standard Contractual Clauses (SCCs) as outlined in Section 4.
Supervisory Authority: You may lodge a complaint with your local supervisory authority (e.g., the German Data Protection Authority or the Information Commissioner's Office in the UK).
B) UAE PDPL Addendum
This addendum confirms our compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), which is the applicable law for our operations in the UAE.
PDPL Compliance: We process Personal Data in accordance with the PDPL, ensuring robust data protection controls and adhering to the principle of transparency.
Strict Consent and Objection: Where processing requires consent, it is obtained according to the strict PDPL requirements: it must be clear, simple, and unambiguous, and easily revocable. You have the explicit right to object to and stop processing intended for direct marketing purposes and statistical surveys.
Local Accountability: Zweig Cost Control & Risk Management Services EST. is responsible for implementing local technical and organizational security measures and ensuring operational compliance with local PDPL mandates.
Complaints: For complaints, contact our Data Protection Contact at privacy@zweigadvisory.com. You may also have the right to complain to the UAE Data Office (Bureau).
C) U.S. State Privacy Addendum (CCPA/CPRA and similar)
Data Handling: We do not "sell" or "share" Personal Information as defined by the CCPA/CPRA.
California Rights: California residents have the rights to know/access, delete, correct, and opt-out of sharing for cross-context behavioral advertising, and to non-discrimination. Submit requests at privacy@zweigadvisory.com.
Categories Collected: Identifiers, internet/usage data, professional information. Sensitive Personal Information (as defined by CPRA) is not intentionally collected via the website.
Approval and Endorsement
This Privacy Policy has been approved by the Senior Management of Zweig Advisory.
Signed by:
Name: Margarita Zweig, Alexander Zweig
Title: Managing Directors