LMC Privacy Policy

Data Protection and Privacy Policy

INTRODUCTION
Lynceus Management Consulting (LMC) is committed to data protection and data privacy. This Policy outlines how LMC deals with personal data. The policy applies globally and ensures that data is collected, stored, processed and deleted as prescribed by the applicable legal frameworks and aligned to our partners expectations and trust in us.

SCOPE OF THIS POLICY
The Policy applies to all LMC staff irrespective of role, seniority or geographic location from the start of their employment and after the end of their employment at LMC.

This Policy also applies to external stakeholders of LMC including our clients, suppliers, potential and dismissed employees, visitors to LMC website and anyone who performs services on behalf of LMC anywhere in the world from the start of the relationship between LMC and the partner and after the end of the relationship.

This Policy applies to all data collected, stored and processed by LMC. Personal data is any information relating to a natural person who is or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This can include in particular:
  • Name
  • Physical address
  • Email address
  • Telephone number
  • Passport or ID card
  • Date of birth
  • Fingerprints
Processing of personal data includes obtaining, recording, organisation, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction.

Lynceus Management Consulting is incorporated in the United Arab Emirates and is compliant with the Personal Data Protection Law, Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data which constitutes an integrated framework to ensure the confidentiality of information and protect the privacy of individuals in the UAE and outside it. In jurisdictions other than UAE, this Policy shall apply unless it contradicts with local legislation in which case each matter shall be reviewed and addressed individually.
PRINCIPLES OF PERSONAL DATA PROCESSING
  • Data shall only be collected and processed upon consent provided by the individual whose data is being collected and processed.
  • The data shall only be collected in a fair and legal manner.
  • The data shall only be collected in the amount that is required for the intended purpose and shall not be excessive.
  • The data shall be collected for a specific purpose that has been defined prior to data collection. The purpose shall be stated, and legitimate and cannot be changed after the data has been collected.
  • The data subject shall be informed how the data is to be used and managed and shall be collected directly from the subject.
  • All personal data shall be treated as strictly confidential, shall not be shared with third parties or for any purposes other than intended and shall be secure from loss or damage and access to it shall be limited to authorised individuals.
  • Personal data shall be retained for a period that is necessary and no longer in a way that the subject can be identified. In some cases, data maybe be kept on file for longer periods if there is sufficient reason to do and, in such cases, data shall be kept in line with the above principles until it is decided to delete the data.
  • All data shall be up-to-date, complete and accurate, otherwise data shall be deleted.
COLLECTION AND PROCESSING OF PERSONAL DATA
LMC shall only collect data to perform its duties before staff and partners. In accordance with legislation, LMC can process personal information, so long as there are grounds to do so and this must be disclosed to the data subject. The following processing conditions shall apply to personal data collected and process by LMC:
  • Counterparty due diligence where procedures are required to be performed in order to evaluate the risks of engaging with a counterparty, performing services for the counterparty and receive services from a counterparty;
  • Performance of a contract and fulfilment of obligations under a contract;
  • In order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
  • As part of subscriptions to newsletters and news/update mailings;
  • As part of submission of feedback, requests, queries and job applications via LMC website, email or in hard copy;
  • For the purposes of processing incidents reported by internal and external stakeholders;
  • Collection of research data through surveys, questionnaires and other forms of data collection for the purposes of developed an anonymised research output;
  • Administration tasks such as talent recruitment, staff travel and visa arrangements;
  • Personal data shall be processed where it is in LMC’s legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh interests of the data subjects;
  • Explicit consent given by the data subject. In such instances specific permission to process some personal information shall be requested and processed only if consent is given. The consent can be withdrawn by the data subject at any time by notifying the LMC staff who collected the information in writing.
Examples of the ‘legitimate interests’ referred to above are:
  • To offer information and/or services to individuals who visit LMC website or offer information about employment opportunities.
  • To prevent fraud or criminal activity and to safeguard LMC IT systems.
  • To customise individuals’ online experience and improve the performance usability and effectiveness of LMC’s online presence.
  • To conduct, and to analyse, LMCs marketing activities.
  • To meet LMC’s corporate and social responsibility obligations.
  • To exercise fundamental rights including the freedom to conduct a business and right to property.
All personal data collected and processed shall be collected and processed with the consent of the data subject on a voluntary basis in written and verbal format.

Any unauthorised collection, processing, storage of personal data is strictly prohibited. Any data collected, processed, stored by LMC staff that was not authorized as part of his/her duties or does not comply with the above principles of personal data processing shall be deemed unauthorized.

LMC staff are prohibited from using personal data for commercial and private purposes, disclose it to unauthorised individuals and third parties inside and outside LMC.
LMC does not publish personal data in the public domain without the consent of the individual concerned.

In some cases, the personal data that we collect will also include special categories of data, such as diversity related information (including data about racial and ethnic origin, political opinions, religious beliefs and other beliefs of a similar nature, trade union membership and data about sexual life and sexual orientation), or health data and data about alleged or proven criminal offenses in each case where permitted by law.
DATA SECURITY
LMC makes reasonable effort to ensure that data is protected from unauthorized loss, misuse, alteration, or destruction. However, despite best efforts, data security cannot be guaranteed against all possible threats. To the best of LMC’s ability access to data shall be limited to authorised persons only and confidentiality shall be preserved by those individuals.

RIGHTS OF INDIVIDUALS
  • Access - the right to obtain information on the categories of personal data being processed, the purpose of the processing, the decisions made upon automated processing, entities with whom the personal data is shared.
  • Data portability - the right to receive personal data in a structured and machine-readable format.
  • Rectification and erasure - the right to rectify inaccurate personal data and the right to delete personal data and be forgotten.
  • Restriction of processing - the right to restrict and stop the processing of data where it is inaccurate or there is an objection to the purpose of the processing.
  • Processing - the right to object to automated decisions made by automated processing of personal data.

TRANSFER OF PERSONAL DATA
Any transfer of personal data outside LMC shall be conducted with the written consent of the data subject.

Upon receipt of consent from the data subject, data shall be transferred only to entities and jurisdictions which have implemented high quality data protection internal policies and legislation, respectively.

The recipient of the data shall agree to the data protection practices which are at least equivalent or better than the provisions of this Policy.

Personal data shall be transferred in cases where this is required by legislation. Data subject’s interests shall be protected to the extent possible in the context of legal requirements to obtain, process, transfer, disclose and store data.
COMPLIANCE
Compliance to this Policy is the responsibility of every employee of LMC at all times.
Failure to comply with the provisions of this Policy shall be reported by suspecting individuals to management of LMC immediately and logged into the non-compliance log to be reviewed by the Risk and Compliance Committee.
Instances of non-compliance shall be investigated by the Risk and Compliance Committee and appropriate disciplinary actions shall be taken.
Individuals reporting non-compliance shall be protected from retaliation for reporting such instances and any cases of retaliation shall result in disciplinary actions.
Any questions or queries regarding this Policy and its provisions shall be directed to lmc@lynceusconsulting.com.

APPROVAL
This policy has been approved by executive management of Lynceus Management Consulting on 7 July 2025.
Company
Capabilities
Expertise
Contacts

© 2025 Lynceus Management Consulting. All Rights Reserved.
Made on
Tilda