Privacy Policy

Aurelian Mercantile DMCC (“we,” “us,” “our”) is the controller for personal data collected through this site and through our counterparty engagements. We are established in the Dubai Multi Commodities Centre, Dubai, United Arab Emirates.

We collect personal data in the following circumstances:

• Enquiry submissions. When you use the form on our contact page, we collect your name, organisation, country, counterparty type, email, telephone number (optional) and the message you send. We use this to assess and respond to your enquiry and to route it to the appropriate person.
• Counterparty onboarding. Where an engagement proceeds, we collect the identity, ownership, licensing and compliance documentation required to conduct due diligence and to meet our legal and regulatory obligations.
• KORA assistant interactions. If you interact with KORA, the conversation is processed to respond to your questions. Transcripts are retained for service operation and quality review, not for advertising or profiling.

We also use anonymised analytics on this site only after you opt in via the cookie consent banner — see our Cookie Policy.

We process enquiry data on the basis of our legitimate interest in responding to those who contact us, and onboarding and transaction data on the basis of steps taken to enter into and perform a contract and to comply with our legal and regulatory obligations, including anti money laundering and sanctions screening requirements.

We share personal data only with service providers engaged to operate the site and the firm:

• Hosting and edge delivery — our website hosting and content delivery provider, which may process data outside the UAE under appropriate safeguards.
• Database and form intake — the managed database provider that stores enquiry submissions.
• Transactional email — the provider that delivers enquiry notifications to our inbox.
• KORA — the AI assistant runtime, which may forward queries to a model provider under strict data processing terms.
• Professional advisers, banks and regulators — where required to conduct due diligence, settle transactions or meet a legal or regulatory obligation.

We do not sell personal data, and we do not share it with advertising networks.

• Enquiry submissions: 24 months from last interaction, then deleted or anonymised.
• KORA transcripts: 90 days for quality review, then anonymised.
• Counterparty and transaction records: retained for the duration of the relationship and for the period thereafter required by applicable anti money laundering, tax and commercial law.

Subject to UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and any other applicable law, you have the right to access the personal data we hold about you, to ask us to correct it, to ask us to delete it (subject to overriding legal obligations), to object to processing based on legitimate interest, and to withdraw consent where consent is the lawful basis. To exercise any of these, use our contact form or write to compliance@aurelianmercantile.com.

Some service providers process data outside the United Arab Emirates. Where this happens, the transfer is made under appropriate safeguards consistent with applicable UAE data protection law, including contractual protections with the relevant provider.

We use TLS for all data in transit, scoped access tokens for our service provider integrations, and least privilege access internally. We will notify affected individuals and the relevant authority of qualifying personal data breaches without undue delay.

We update this policy when our processing changes. The version currently in force always lives at this URL with the “last updated” date at the top.