Skip to content



Confluent Law Group

  • Confluent Law Group respects your privacy and is committed to protecting your personal data. This privacy notice aims to give you information on how we collect and process your personal data when you engage us to provide you with services, via your use of our website or otherwise.
  • We are a ‘controller’ of personal data within the meaning given by relevant data protection legislation. Confluent Law Group comprises associated firms and advocates who work together to advise clients on how to invest and operate in Iraq. Due to the nature of the jurisdiction associated with our work, we maintain appropriate confidentiality to ensure the security of our personnel. Confluent FZ LLC operates this website for the Confluent Law Group.
  • If you need further information about the Confluent Law Group or have any questions or complaints about our privacy notice or confidentiality or privacy practices please email
  • This notice describes:
    • The personal information that we collect
    • How we obtain personal information
    • How we use personal information
    • The basis upon which we use personal information
    • How long we keep personal information
    • Who we share personal information with
    • Our website
    • Cookies
    • Third party links
    • International transfers
    • How we protect personal information
    • Retention of your personal data
    • The legal rights of individuals whose personal information we process
    • Complaints


Personal information that we collect

  • Personal information (‘personal data’) means any information relating to an identified or identifiable natural person.
  • The personal data that we will collect is likely to be varied and include:
    • Identity, Contact and Identity Data – including name, date of birth, email address, postal address, telephone numbers, visa details, passport details and information provided or collected as part of our client take on or staff recruitment processes and as a result of individuals’ interactions with us in the course of our business;
    • Financial and Transaction Data – including bank account details, tax details,and details of payments from and to individuals;
    • Technical and Usage Data – including information about how individuals use our website;
    • Marketing and Communications Data – including preferences in receiving marketing from us. This includes attendance at events, and information provided to us for the purpose of attending events such as dietary information and accessibility requirements;
    • Information used to provide our services – including information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients
  • We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on our website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
  • We may collect special category data and personal data relating to criminal convictions and offences. Special category data includes personal data which reveals racial or ethnic origin, religious or philosophical beliefs, trade union membership, data concerning health and data concerning a person’s sex life or sexual orientation. In particular, information about ethnicity and religion may be collected in the course of our recruitment processes.


How we obtain personal information

  • We obtain personal information in different ways, including through:
    • Direct contact with you – You may give us your Identity Data, Contact Data, Identity Data, Marketing and Communications Data by corresponding with us by post, phone, email, filling in forms on our websites or otherwise. This includes personal data you provide when you:
      • provide us with information, such as proof of identification and residence, for the purposes of our due diligence and compliance obligations;
      • provide us with information in order to allow us to provide you with our services or otherwise fulfil our obligations pursuant to any contract we have with you;
      • request marketing to be sent to you;
      • apply for a position with us;
      • respond to any survey we provide to you; or
      • give us any feedback.
    • Our clients, professional advisors and other suppliers – our clients, professional advisors and suppliers may give us personal information of individuals to enable us to provide our services.
    • Partner organisations – companies within the Confluent Law Group, and affiliates such as Gatherton, Tiller and Develdas to which the Confluent Law Group contracts services such as accounting, IT, marketing, HR and recruitment.
    • Other third parties or publicly available sources – We may receive personal data about you from third parties and public sources including, but not limited to:
      • analytics providers such as Google; and
      • Corporate registries, such as Companies House.
    • Automated technologies or interactions – If you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookies policy at for further details.


How we use personal information

  • We use personal information in a variety of ways including:
    • To provide our services to our clients;
    • To recruit employees of the business;
    • To manage and supervise our staff;
    • To promote our services and to manage our relationships with clients, prospective clients and business contacts;
    • To meet our professional, legal and regulatory obligations;
    • To meet our audit and insurance obligations
    • To otherwise administer and manage our business.


The basis on which we use personal information

  • Most commonly, we will use personal data in the following circumstances:
    • Where we need to do so to perform a contract we are about to enter into or have entered into – for example, a contract of employment;
    • Where it is necessary for our legitimate interests (or those of a third party, such as one of our clients) and the interests and fundamental rights of the individual whose personal information we are using do not override those interests – for example, in respect of provision or marketing of our services;
    • Where it is necessary to comply with a legal or regulatory obligation.
  • When we use special category data and data relating to criminal convictions and offences, it will normally be when this is necessary for the establishment, exercise or defence of legal claims, where we need to do so as an employer, or where necessary for reasons of substantial public interest set out in law.
  • Generally, we do not rely on consent as a legal basis for processing personal information. You can opt out of receiving direct marketing communications at any time.


Who we share personal information with

  • We may share personal information with third parties including:
    • In the course of providing services to our clients – for example when engaging professional advisors and suppliers on behalf of a client;
    • When we outsource services to connected companies within the Confluent Law Group, and affiliates such as Gatherton, Tiller and Develdas – for example for the purposes of accounting, IT, legal services, consultancy services, recruitment and marketing;
    • When engaging our own professional advisers – for example our legal advisors, auditors, bankers and insurers;
    • To regulatory authorities, courts, tribunals and law enforcement agencies.
  • Any information, including personal data, provided to the Confluent Law Group may be transferred to third-party contractors providing services, such as the provision of IT systems, storage and infrastructure, as well as functions to facilitate the organisation and analysis of material. The contractors will act as processors acting on behalf, and under the control, of Confluent Law Group.  These processors are subject to contractual obligations in relation to ensuring the security and confidentiality of the information, including personal data, they hold on behalf of the Confluent Law Group.
  • We do not sell personal data to third parties.



  • When you are visiting our website, you can set your browser to refuse all or some browser cookies, or to alert you when our website sets or accesses cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy at

Third-party links

  • Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


International transfers

  • In the course of providing services to our clients, we may share your personal data within the Confluent Law Group and affiliates and with other professional advisors and suppliers, some of which are based in the Middle East.
  • Whenever we transfer your personal data between countries, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    • The transfer of your personal data to countries that have been deemed, in accordance with applicable data protection laws, to provide an adequate level of protection for personal data.
    • Where we use certain service providers, we may use specific contracts which give personal data the same protection it has where received.
  • Otherwise, we may transfer your personal data outside the jurisdiction where you have consented to the transfer, the transfer is necessary for the performance of a contract or pre-contractual measures with you, or the transfer is necessary for the conclusion or performance of a contract with another legal person in your interests. We may also transfer your personal data where this is necessary for important reasons of public interest recognised by applicable law.
  • Please contact us if you want further information on the specific mechanism used by us when transferring your personal data to other countries.


How we protect personal information

  • We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place appropriate measures to inform our staff about how we collect, handle and keep information secure.
  • We have put in place measures to deal with any suspected personal information breach and will notify relevant individuals and regulatory authorities of a breach when we are legally required to do so.


Retention of your personal data

  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  • To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • Details of retention periods for different aspects of your personal data can be obtained by contacting us via the means set out above.
  • In some circumstances you can ask us to delete your data: see below. We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely.


The legal rights of individuals whose personal information we process

  • You have rights in relation to your personal information.
  • This includes the right to request the following:
    • Access: this is commonly known as a “data subject access request.” This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • Correction: that any inaccurate information we hold about you is corrected;
    • Erasure: that information about you is deleted in certain circumstances;
    • Object to processing: that we stop using your personal information for certain purposes. You also have the right to object where we are processing your personal information for direct marketing purposes;
    • Restriction of processing: this enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Transfer: you have the right to request that we transfer your personal information to another party.
  • Depending upon the nature of our relationship with you and our reasons for processing your personal information, in many cases we may not be able to comply with your request in relation to the rights listed above, which are limited to certain defined circumstances. However, we will tell you if that is the case and explain why.
  • If you make a request, we will aim to respond to you within one month. If you wish to exercise any of your rights, please contact us on the details provided above.



  • You have the right to complain to relevant data protection authority(ies) concerning our handling of your personal data. In the UK, the relevant data protection authority is the Information Commissioner’s office. We would, however, appreciate the chance to first deal with any concerns. If you have a complaint, please contact set out above, in the first instance.