Aurex Global is committed to protecting the privacy and confidentiality of every individual who interacts with our firm. This Privacy Policy describes how we collect, use, store, and protect personal information — in alignment with the Saudi Personal Data Protection Law (PDPL) and the highest standards of professional confidentiality applicable to legal counsel.
Scope & Application
This Privacy Policy applies to all personal information collected through the Aurex Global website (aurexglb.com), through enquiry forms and direct correspondence, and in the course of providing legal services to clients of the firm.
By using our website, submitting an enquiry, or engaging Aurex Global for legal services, you acknowledge that you have read and understood the practices described in this Policy.
Information We Collect
We collect personal information that you voluntarily provide to us, as well as limited technical information collected automatically when you visit our website.
- Identification data: full name, organisation, professional title.
- Contact data: email address, telephone number, mailing address.
- Engagement data: details of your legal matter, area of practice, supporting documentation provided in the course of an enquiry or engagement.
- Verification data: identification documents required for client onboarding under Know-Your-Client (KYC) and Anti-Money Laundering (AML) regulations.
- Technical data: IP address, browser type, device information, and pages visited (collected through standard analytics).
Purposes of Processing
We process personal information solely for the following defined purposes:
- To respond to enquiries submitted through our website or other channels.
- To provide legal advisory, representation, and consultancy services agreed in an engagement letter.
- To comply with regulatory obligations applicable to the practice of law in the Kingdom of Saudi Arabia.
- To conduct conflict-of-interest checks and client verification procedures.
- To manage client relationships, billing, and internal record-keeping.
- To improve the functionality and accessibility of our website.
Legal Basis for Processing
Aurex Global processes personal information on one or more of the following legal bases:
- Consent: where you have voluntarily provided information through our enquiry form or correspondence.
- Contractual necessity: where processing is required to perform our obligations under an engagement letter.
- Legal obligation: where processing is required under applicable Saudi laws and regulations, including the Law of the Profession of Law and AML/CTF requirements.
- Legitimate interests: where processing is necessary for the legitimate operation of the firm, balanced against your privacy interests.
Sharing & Disclosure
Aurex Global treats all client information as strictly confidential and protected by the duty of professional secrecy applicable to legal practitioners. We do not sell, rent, or trade personal information.
We may disclose personal information only in the following circumstances:
- Where required to perform legal services on your behalf (for example, before courts, government authorities, or counterparties).
- Where compelled by a court order, regulatory requirement, or applicable law.
- To trusted service providers (such as IT, accounting, or attestation partners) who are bound by equivalent confidentiality obligations.
- With your express written consent.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and professional obligations.
Client engagement records are retained for a minimum of ten (10) years following the conclusion of the matter, in accordance with the record-keeping obligations applicable to legal practitioners in the Kingdom of Saudi Arabia. Enquiry data not converted into an engagement is retained for up to twenty-four (24) months.
Data Security
Aurex Global maintains appropriate technical, administrative, and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted storage, access controls, periodic security reviews, and confidentiality undertakings from all personnel and contractors.
While we apply rigorous safeguards, no method of electronic transmission or storage is entirely secure. We cannot guarantee absolute security but commit to notifying you and the competent authorities of any data breach as required by applicable law.
Your Rights
Subject to applicable law and the duty of professional confidentiality, you have the following rights with respect to your personal information:
- Right of access: to request confirmation of whether we hold information about you, and to obtain a copy of such information.
- Right of correction: to request correction of inaccurate or incomplete information.
- Right of deletion: to request deletion of your information, subject to retention obligations under applicable law.
- Right to withdraw consent: to withdraw consent for processing where consent is the legal basis.
- Right to lodge a complaint: with the Saudi Data & Artificial Intelligence Authority (SDAIA) or other competent supervisory authority.
Cookies & Analytics
Our website uses minimal cookies necessary for functionality and basic analytics to understand website performance. We do not use cookies for advertising or third-party tracking. You may disable cookies through your browser settings; however, certain features of the website may not function properly as a result.
International Transfers
Personal information processed by Aurex Global is primarily stored within the Kingdom of Saudi Arabia. Where international transfer is necessary (for example, to communicate with foreign clients, courts, or counterparties), such transfer is conducted in accordance with the conditions and safeguards required under the PDPL and any applicable bilateral arrangements.
Protection of Minors
Our services are directed to institutional and adult individual clients. We do not knowingly collect personal information from minors under the age of eighteen (18) without verifiable parental or legal guardian consent.
Changes to This Policy
Aurex Global reserves the right to update this Privacy Policy from time to time to reflect changes in legal requirements, our services, or our internal practices. The current version and effective date will always be displayed at the top of this page.
Contact & Complaints
For any questions, requests, or complaints concerning this Privacy Policy or the processing of your personal information, please contact us through the channels below.
For privacy enquiries.
Our designated point of contact for data protection matters will respond to legitimate requests within thirty (30) calendar days.