- Osome UAE
- Privacy Policy
Privacy and Data Protection Policy
1.Introduction
This privacy policy explains the data protection practices for Osome’s website, web application and mobile application (“Osome Applications”) as well as online services.
In this policy, “Personal Data” has the meaning given to it under applicable laws, and is generally understood to refer to any information about you from which you can be identified.
You acknowledge that you have fully read and understood this policy, and consent to the collection, use, processing and disclosure of your Personal Data as described in this policy.
2.Information About Us
The Osome Group comprises several legal entities. The legal entity responsible for your personal data aligns with the jurisdiction of the provider of the respective Osome Application or the location of the Osome entity providing services to you.
Jurisdiction/ Location | Data Controller |
|---|---|
| Singapore | Osome Ltd, a limited company registered in Singapore with registration number 201712242C whose registered office is at 68 Circular Road, #02-01, Singapore 049422 |
| United Kingdom | Osome Ltd, a private company limited by shares registered in England under company number 11952830 whose registered office is at 35 New Broad street, EC2M 1NH, UK. |
| Hong Kong | Osome Limited, a private company limited by shares registered in Hong Kong under company number 2833460 whose registered office is Unit 1603, 16th Floor, The L. Plaza, 367 - 375 Queen’s Road Central, Sheung Wan, Hong Kong |
| UAE | Osome Accounting & Bookkeeping L.L.C, a limited liability company registered in the United Arab Emirates with registration number 2713183 whose registered office is at Empire Heights A - 16F-A-04, Business Bay, Dubai, UAE |
That entity is referred to as “Osome”, "we", "us" or "our" in this policy.
3.Collection of Personal Data
Information You Provide
Your Personal Data may be provided to us by you or collected by us when you interact with our services or communicate with us, such as when you:
• Create an account with us, or subscribe, use or make payment for our services;
• Submit documents, forms or provide feedback to us;
• Contact us, including via our social media accounts or by interacting with our chatbot; or
• Respond to our advertisements, promotions or initiatives, or request to be included in our mailing list.
In such instances, the Personal Data that we collect includes:
• Profile Information, such as username, password, interests, preferences (including marketing and communication preferences) and the date you registered for an Osome account.
• Status Information, whether you are logged in to your account and when you last used the Osome Applications;
• Identity Information, such as name, age, birth date, passport or other identification number, and copies of identification documents;
• Contact Information, such as mobile number(s), telephone number(s), mailing or residential address and email address;
• Financial Data, such as bank account and payment card details;
• Transaction Data, such as information about the products and services purchased, and payments made; and
• Communications, such as the contents of emails or calls with us, communications via our website or digital applications, feedback and survey responses received.
As Osome relies on your Personal Data to provide products and services to you, please ensure that all Personal Data submitted to us is complete and accurate.
If you provide us with Personal Data relating to a third party (e.g. information relating to your spouse, children, parents, business partners and/or employees), you must ensure that you have obtained the consent of the third party to provide us with their Personal Data for the purposes provided.
Information Collected from Third Parties
We may also collect Personal Data about you from third parties, such as:
• References: when we receive references from affiliates and third parties, if you have been referred by them;
• KYC / Due Diligence: Information verifying your identity and information from Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) screening and other Know-Your-Client (KYC) checks, including Politically Exposed Person (PEP) checks and adverse media reports from providers of such services;
Information Automatically Collected
Technical and usage information is automatically collected by us when you use or access Osome Applications, such as:
• Usage and Log Information, including information about your activity on our Osome Applications, such as service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Osome Applications, how you interact with our staff and authorized people in our Osome Applications, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.
• Device and Connection Information, including device and connection-specific information when you install, access, or use our Osome Applications. This includes information such as the hardware model, operating system information, the app version, browser information, language and time zone, IP, device operations information, and identifiers, for example, the device identifier.
Our website and digital applications use cookies and similar technologies to automatically collect information to help us understand our website visitors and their traffic patterns. For more information, please refer to the section on Cookies and Similar Technologies below.
4.How We Process Your Information
Legal Bases for Processing
We process Personal Data only if we have a legal basis under applicable laws. The legal bases that we rely on to process your Personal Data include:
• Consent: Where we have obtained your consent to process Personal Data for a specified purpose;
• Performance of a contract: Where it is necessary for us to perform our contract with you; and
• Legal obligation: Where it is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests. To the extent permitted by applicable law, we process Personal Data in order to pursue our legitimate interests or those of third parties. We consider and balance any potential impact on you and your rights (both positive and negative) before processing your personal data for legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law).
We pursue legitimate interests to:
• Facilitate fraud prevention and detection of suspicious transactions;
• Ensure network and information security;
• Pursue direct marketing; and
• Enable administrative transfers within a group of companies.
We may rely on other legal bases to process your Personal Data to the extent available under applicable law.
Purposes for Processing
We collect, use and disclose your Personal Data for one or more of the following purposes:
• conducting KYC and due diligence exercises;
• processing payments;
• replying to your questions, feedback and requests;
• managing our business operations;
• delivering our digital services and operating the Osome Applications, including ensuring security, performing diagnostics, troubleshooting and performance monitoring and improving the Osome Applications;.
• complying with internal policies and procedures;
• providing updates and other communications on the development of our business process and applications;
• assessing and processing applications or requests made by you for Osome products and services offered, including but not limited to, bookkeeping service, incorporation services, corporate secretarial services, tax and accounting services and payroll services;
• managing commercial risks and risk management;
• in connection with any claims, actions or legal proceedings (including but not limited to drafting and reviewing documents, transaction documentation);
• conducting investigations relating to disputes, billing or fraud;
• managing and preparing reports on non-compliance cases;
• meeting or complying with any applicable laws, regulations, codes of practice or guidelines issued by legal or regulatory bodies;
• financial reporting and audit;
• project management;
• requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve the quality of our products and services; or
• sending notifications and reminders about the services provided to you or actions taken or required by you or activity on the service or on the Osome Applications, including transaction notifications and reminders to provide missing documents.
We may aggregate and anonymise your personal data for other purposes.
We may also process personal data in your account at your request, including via APIs or Model Context Protocol servers.
If you have indicated that you consent to receiving marketing or promotional information via your telephone number, emails or other means of communication, Osome may contact you from time to time with information regarding our products and services.
You may contact us for more information about our processing activities and the relevant legal bases for processing.
5.Sharing of Personal Data
Your Personal Data may also be shared with one or more of the following parties:
• Other members of the Osome group of companies in other countries
• Third-party service providers that provide services to support our business, including:
- Technology and IT service vendors, including hosting and cloud services vendors, business analytics providers, and client relationship management (CRM) systems providers;
- Professional advisers such as auditors, accountants and lawyers;
- Providers that help us verify your identity, conduct Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) screening and other Know-Your-Client (KYC) checks;
- Payment processors that help us to process payments on our website or in our digital applications. They may process payments in accordance with their own privacy policies;
- Courier service providers that we engage to send you physical documents containing your Personal Data; or
- Agencies, such as debt collection agency, for the sole purpose of recovering unpaid or overdue invoices when direct collection efforts have failed.
• Business partners, financial institutions, banking partners, technology integration partners, channel partners and other third parties with whom we collaborate to provide, facilitate, enhance or expand our services, products, integrations, referrals, partnership programmes or customer offerings, where such disclosure is reasonably necessary for those purposes;
• Statutory bodies and public authorities, such as the Courts or regulatory agencies, where we are required or compelled to do so in accordance with applicable law.
In each case, your Personal Data is shared for one or more of the purposes set out in Section 4 (How We Process Your Information), and pursuant to one of the legal bases therein.
6.International Data Transfers
Your Personal Data may be transferred to, or stored at, an overseas location when we share your personal data with:
• Members of the Osome group of companies in locations where we have offices, such as Hong Kong, Singapore, the United Kingdom, UAE, or where our employees or contractors reside;
• Data centres and service centres in locations such as the United States and Malaysia; or
• Service providers that carry out certain functions on our behalf.
When we transfer data overseas, we ensure that the degree of protection afforded to you under applicable laws is not undermined by the transfer by ensuring that:
• The transferee is in a jurisdiction that affords an adequate level of protection to your Personal Data; or
• Appropriate safeguards, such as legally binding and enforceable obligations or standard contractual clauses approved by a relevant authority, are in place.
Otherwise, we ensure that the transfer is permitted by applicable law.
We have appropriate safeguards, such as information and cyber security controls to ensure that your personal data is protected. Osome has technical and organisational security measures in place to safeguard your personal data.
When using external service providers, we require that they adhere to security standards mandated by Osome. We may do this through contractual provisions, including any required by a privacy regulator, and oversight of the service provider. Regardless of where personal data is transferred, we take all steps reasonably necessary to ensure that personal data is kept securely. If you would like further information about this, please contact us using the details below.
7.Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8.Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including to comply with applicable legal, regulatory, tax, accounting and reporting obligations, and to establish, exercise or defend legal claims. Retention periods vary by data type, processing purpose, and applicable legal or regulatory requirements. When personal data is no longer required, it will be deleted, anonymised, or securely disposed of in accordance with our retention and deletion procedures.
9.Your Legal Rights
In accordance with applicable laws, you may have one or more of the following rights in relation to your Personal Data:
• Access. Request access to your Personal Data. This enables you to understand the Personal Data we hold about you and to check that we are lawfully processing it. Where permitted by applicable law, we may charge a fee to process your access request.
• Correction. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Erasure. Request erasure of your Personal Data. This enables you to ask us to delete or remove personal data in certain circumstances.
• Objection. Object to processing of your Personal Data where we are relying on a public or legitimate interest (or those of a third party) as the legal basis for processing data. You may also object to your Personal Data being processed for direct marketing (including profiling that is related to direct marketing).
• Portability. Request the transfer of your personal data to you or to a third party. Where this right is available, you, or a third party you have chosen, will be entitled to receive Personal Data in a structured, commonly used, machine-readable format.
• Withdrawal of Consent. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.
• Restriction of Processing. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data's accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
When responding to a request, we may ask for additional information to verify your identity, clarify the scope of your request or to speed up our response.
You also have the right to make a complaint to the relevant data protection authority.
Jurisdiction/ Location | Data Protection Authority | Website |
|---|---|---|
| Singapore | Personal Data Protection Commission (PDPC) | https://www.pdpc.gov.sg/ |
| United Kingdom | Information Commissioner’s Office (ICO) | https://ico.org.uk/ |
| Hong Kong | Office of the Privacy Commissioner for Personal Data (PCPD) | https://www.pcpd.org.hk/ |
| UAE | UAE Federal Data Protection Law (PDPL) - Federal Decree-Law No. 45 of 2021 | https://uaelegislation.gov.ae/en/legislations/1972/ |
10.Contact Us
If you have any questions / complaints about this privacy policy or about the use of your Personal Data or you want to exercise your privacy rights, please contact us at the following email address (to the attention of the Data Protection Officer): dpo@osome.com
11.Third-Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
12.Cookies and Similar Technologies
Our website and digital applications are set up to automatically collect anonymous information about visitors to help us understand our website visitors and their traffic patterns. This information is used for statistical purposes and to improve our service. Below is a list of cookies that we use on our websites and services. The types of cookies we use are always changing. If you think we’ve missed a cookie, please let us know.
Below is a list of cookies and similar technologies that we use on our websites and services.
Cookie name | Purpose |
|---|---|
| Facebook Ads | Tells us how our ads on Facebook are working and what kinds of users are interested in Osome. |
| Google Ads | A cookie that shows us how effective our Osome ad campaigns are by tracking how many users click through to our website from a particular ad, and the demographic of those users. |
| Google Analytics | Allows us to see how many users are on the Osome website, which pages they are visiting and track how many visitors joined Osome. |
| Google Optimise | Part of our testing platform to help us understand whether any changes we've made to Osome website pages have been well received. |
| Google Tag Manager | This cookie controls other cookies on the website. |
| Intercom | Intercom is a tool that allows users to chat to Support through our website. It uses a script with a visitor cookie associated with it. |
| Leadinfo | We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: https://www.leadinfo.com/en/legal/opt-out/ you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo”. |
| HubSpot | HubSpot sets a number of tracking cookies when a visitor lands on our website to understand their behavior better. To learn more about the different cookies we're using, check out HubSpot Cookie Policy. Types of cookies you can see here. |
This privacy policy was last updated on 6 July 2026.
We’re using cookies! What does it mean?