Last updated: 20/01/2026
This Privacy Policy (the “Policy”) explains how Capitals 28 (“Capitals 28”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you visit or use https://capitals28.com (the “Website”), submit an inquiry, request a consultation, or use our services.
This Policy is intended to meet transparency requirements under the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
By using the Website or submitting your personal data to us, you acknowledge that you have read and understood this Policy.
If you do not agree with this Policy, you should stop using the Website.
1) Data Controller (Who Controls Your Data)
For the purposes of GDPR, Capitals 28 acts as the data controller of the personal data collected through the Website and our communications.
Controller contact details:
Website: https://capitals28.com
Email: [email protected]
Phone: +971 55 440 0028
2) Personal Data We Collect
We collect personal data in two ways: (A) data you provide to us and (B) data collected automatically.
A) Data you provide to us
Depending on your interaction with us, we may collect:
Full name
Phone number
Email address
Country of residence and nationality (if provided)
Company-related details (e.g., business activity, preferred jurisdiction, licensing needs)
Service-related details you share for company formation, visa support, residency support, and related advisory services
Documents you voluntarily submit (e.g., passport copy, Emirates ID, visa page, proof of address), where relevant
Any information you include in your messages or requests (via forms, email, phone, WhatsApp, or social media)
You may choose not to provide certain information, but this may limit our ability to respond or deliver the requested service.
B) Data collected automatically
When you browse the Website, we may automatically collect:
IP address
Browser type, device type, and operating system
Approximate location (based on IP address)
Website usage data (pages visited, time spent, clicks, referral source)
Cookie identifiers and similar tracking technologies
3) Special Category Data (Sensitive Data)
In some cases, particularly for visa or residency-related requests, we may receive data that could be considered special category data under GDPR (for example, information included within identity documents).
We only process such data where it is necessary for the service you request and where GDPR permits it, including where explicit consent is required.
4) Why We Use Your Data (Purposes)
We may use personal data for the following purposes:
To respond to inquiries and provide consultations
To assess your needs and recommend relevant services
To deliver and manage the services you request
To communicate with you regarding your request (including follow-ups)
To improve our Website performance and user experience
To conduct internal reporting, analytics, and service optimization
To send service updates or marketing communications where permitted (and you can opt out)
To comply with legal obligations and respond to lawful requests
To prevent fraud, misuse, and security incidents
5) Legal Bases for Processing (GDPR Article 6)
Where GDPR applies, we process personal data under one or more of the following legal bases:
Consent (Article 6(1)(a)) — for example, when you submit a form or accept non-essential cookies
Contract / steps prior to contract (Article 6(1)(b)) — to provide requested services or quotations
Legal obligation (Article 6(1)(c)) — where we must comply with applicable laws
Legitimate interests (Article 6(1)(f)) — for example, responding to inquiries, improving services, preventing fraud, and securing our Website
Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
6) How We Share Your Personal Data
We do not sell your personal data.
We may share personal data only when necessary, including with:
Our employees and authorized staff who need the data to support your request
IT and operational service providers (e.g., hosting, CRM systems, communications tools)
Professional advisers (lawyers, auditors, consultants) where required
Government authorities, regulators, or law enforcement where required by law
Third parties involved in delivering a service you request, where relevant
Third parties are expected to process personal data securely and only for the permitted purpose.
7) International Transfers (GDPR Chapter V
Capitals 28 is based in the United Arab Emirates, and personal data may be processed in the UAE and/or other countries where our service providers operate.
Where we transfer personal data outside the EEA, we implement appropriate safeguards, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
Other lawful transfer mechanisms permitted under GDPR
You may request information about these safeguards by contacting us.
8) Data Retention
We keep personal data only as long as necessary for:
Providing requested services and managing communications
Legal, regulatory, tax, and compliance requirements
Resolving disputes and enforcing agreements
When personal data is no longer needed, we securely delete or anonymize it where feasible.
9) Cookies and Tracking
We use cookies and similar technologies to:
Ensure the Website functions correctly
Improve Website performance and user experience
Understand how visitors use the Website
Measure marketing effectiveness (where enabled)
Where required, we will request your consent before placing non-essential cookies (such as analytics or marketing cookies).
You can manage cookie settings through your browser and through any cookie banner preferences available on the Website.
More information is provided in our Cookies Policy.
10) Marketing Communications
If you contact us, we may communicate with you about your inquiry and services.
Where permitted, we may also send marketing messages. You can opt out at any time by contacting us at [email protected]
Opting out of marketing does not stop important service communications related to an active request.
11) Your GDPR Rights (EEA/UK Users)
If you are located in the EEA or UK, you may have the right to:
Request access to your personal data
Request correction of inaccurate or incomplete data
Request deletion of your personal data (subject to legal requirements)
Restrict processing in certain circumstances
Request data portability (where applicable)
Object to processing based on legitimate interests
Object to direct marketing at any time
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with your local data protection authority
To exercise your rights, contact us at [email protected]
12) Automated Decision-Making
We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
If this changes, we will update this Policy accordingly.
13) Data Security
We implement reasonable technical and organizational safeguards to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
However, no online transmission or storage system is 100% secure, and we cannot guarantee absolute security.
14) Children’s Privacy
Our Website and services are not intended for children, and we do not knowingly collect personal data from individuals under 16 years old.
If you believe a child has provided us with personal data, contact us to request deletion.
15) Third-Party Links
The Website may contain links to third-party websites. We are not responsible for their privacy practices.
You should review third-party privacy policies before submitting personal data to them.
16) Updates to This Policy
We may update this Policy from time to time. Any updates will be posted on this page with a revised “Last updated” date.
Your continued use of the Website after changes are posted means you accept the updated Policy.
17) Contact Us
If you have questions about this Privacy Policy or how we process personal data, contact:
Capitals 28
Website: https://capitals28.com
Email: [email protected]
Phone: +971 55 440 0028
