Privacy
Policy

Who We Are

The data controller for personal data processed through the Platform is:

Where AML Guild processes personal data on behalf of a Client organisation, it may act as a data processor. In such cases, the Client organisation retains the role of data controller and processing is governed by a separate data processing agreement.

Jurisdictional Scope

AML Guild operates across multiple jurisdictions and complies with applicable data protection legislation in each region from which it receives personal data, including:

• United Arab Emirates: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
• United Kingdom: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
• Singapore: Personal Data Protection Act 2012 (PDPA)
• India: Digital Personal Data Protection Act 2023 (DPDPA)
• Hong Kong: Personal Data (Privacy) Ordinance (PDPO), Cap. 486
• Kingdom of Saudi Arabia: Personal Data Protection Law (PDPL) and its implementing regulations
• Australia: Privacy Act 1988 and the Australian Privacy Principles (APPs)

Where applicable law provides rights exceeding those described in this Policy, those rights will be honoured in full.

What Information We Collect

The Platform serves two principal groups: Experts and Clients. The data we collect varies by relationship.

3.1 Identity and Contact Information

Collected from all users:

• Full name, professional title, and designation
• Email address, telephone number, and postal address
• Organisation name, company registration details, and professional role
• Professional credentials or LinkedIn profile where voluntarily provided

3.2 Expert Profile Information

• Professional qualifications and certifications (including CAMS, ICA, ACAMS, and CFE)
• Employment history and areas of specialisation within AML/CFT/CPF
• Jurisdictional expertise and sector experience
• Professional biography and profile photograph
• References, testimonials, or peer endorsements voluntarily provided
• Records of Engagements completed through the Platform, including feedback and performance data

3.3 Client and Booking Information

When a Client books an Expert, we collect:

• Name and contact details of the individual making the booking and the Client organisation's authorised representative
• Company name, registered address, and relevant corporate information
• Nature of the compliance matter or assignment, including the regulatory issue, risk area, or project scope
• Jurisdiction or jurisdictions in which the compliance challenge arises
• Applicable regulatory framework or supervisory authority context
• Preferred Engagement format, timeline, and any other instructions at the time of booking
• Correspondence and communications exchanged through the Platform in connection with the Engagement
• Records of completed, ongoing, or cancelled bookings

3.4 Payment and Billing Information

• Billing name and address
• Payment method details, processed via PCI-DSS-compliant third-party providers
• Transaction history, fee records, and invoicing information

AML Guild does not store full payment card details directly.

3.5 Technical and Engagement Data

• IP address, browser type, and operating system
• Device identifiers and session data
• Pages visited, features used, and duration of sessions
• Referral sources and engagement data from marketing communications

3.6 Compliance and Verification Data

• Identification documents where required for onboarding or KYC purposes
• Sanctions screening and adverse media check results
• Due diligence information on Experts and institutional Clients

How We Use Your Information

4.1 Provision of Services

• To match Clients with Experts and facilitate Engagements across all booking types
• To process and manage bookings, including scope documentation and milestone tracking
• To share relevant booking and assignment details with the matched Expert to the extent necessary for delivery
• To process payments and issue invoices

4.2 Platform Improvement

• To understand how the Platform is used and identify areas for improvement
• To develop new features and resources relevant to the AML/CFT community
• To monitor platform performance and resolve technical issues

4.3 Marketing and Communications

• To provide regulatory updates, platform news, and professional resources
• To send newsletters and compliance publications to which you have subscribed

You may unsubscribe from marketing communications at any time by following the instructions in our emails or by contacting info@amlguild.com.

4.4 Legal and Regulatory Compliance

• To fulfil obligations under applicable AML, data protection, and other regulatory frameworks
• To conduct sanctions screening and due diligence on Platform participants
• To respond to lawful requests from regulatory authorities, courts, or law enforcement

4.5 Fraud Prevention and Security

• To detect and prevent fraudulent activity or misuse of the Platform
• To maintain the integrity of Expert profiles and Client representations

Legal Bases for Processing

• Contractual necessity: where processing is required to provide the services you have requested
• Legitimate interests: where processing serves our legitimate business interests without overriding your rights
• Legal obligation: where processing is required to comply with applicable law
• Consent: where you have given clear, informed consent for a specific purpose

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Sharing of Personal Information

AML Guild does not sell personal data. We may share information in the following circumstances:

• With Experts, where a Client profile and booking details are shared as part of a matched Engagement
• With technology and service providers supporting the Platform, under data processing agreements
• With professional referees or verifiers during Expert onboarding
• With regulatory authorities, courts, or law enforcement, where required by law
• With associated entities within the NIYEAHMA group for service delivery purposes
• With a successor entity in the event of a merger or acquisition, subject to equivalent privacy protections

Cookies

AML Guild uses cookies and similar technologies to improve the Platform and gather analytics. Cookie types include strictly necessary, analytical, functional, and marketing cookies. You may manage cookies through your browser settings. Where applicable law requires it, consent will be sought before placing non-essential cookies.

International Transfers

As a multi-jurisdictional platform, personal data may be transferred internationally. Where such transfers occur, we apply appropriate safeguards, including adequacy decisions, standard contractual clauses, or equivalent mechanisms. For further information, contact us at info@amlguild.com.

Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to meet our legal obligations. Relevant factors include the nature of the data, applicable regulatory requirements, and the potential risk of harm. Upon expiry of the retention period, data is securely deleted or anonymised.

Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, to withdraw consent, and to lodge a complaint with the relevant supervisory authority. To exercise any of these rights, contact info@amlguild.com. We will respond within the timeframe required by applicable law.

Security

AML Guild implements appropriate technical, administrative, and physical safeguards to protect personal data. In the event of a data breach likely to affect your rights, we will notify you and the relevant supervisory authority as required by law.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated in advance. The date of the most recent update is shown at the top of this document.

Contact