Privacy Policy
GILLARD Atelier FZ-LLC
Dubai, United Arab Emirates
Effective date: 29 June 2026
Last updated: 29 June 2026
GILLARD Atelier FZ-LLC ("GILLARD Atelier", "we", "us" or "our") respects your privacy and is committed to protecting your personal data. We are an architecture, interior design and creative consultancy practice based in Dubai, and we work with clients, partners and collaborators across the world.
This Privacy Policy explains how we collect, use, store, share and protect personal information, and the rights available to you, when you:
- Visit our website;
- Contact us regarding our services;
- Engage us on a design project;
- Subscribe to updates or marketing communications; or
- Interact with us through social media, events or professional networks.
We are committed to maintaining the confidentiality, integrity and security of all information entrusted to us. Please read this policy together with any other notice we may provide on specific occasions when we collect or process your personal data, so that you are fully aware of how and why we are using it.
1. Who We Are and How to Contact Us
GILLARD Atelier FZ-LLC is a company incorporated in Dubai, United Arab Emirates (trade licence number 107938), and is the data controller responsible for your personal data. If you have any questions about this policy, or wish to exercise any of your rights, please contact us:
GILLARD Atelier FZ-LLC
SD2-075, Third Floor, d3 Co-working Building 3,
Dubai, United Arab Emirates
Free zone: Dubai Development Authority
Email: dxb@gillardatelier.com
Website: www.gillardatelier.com
If you have a data protection enquiry, please mark it for the attention of our Data Protection contact at the email address above.
2. Applicable Data Protection Laws
As a business based in the United Arab Emirates that serves an international client base, we process personal data in accordance with:
- UAE Federal Decree-Law No. 45 of 2021 concerning the Protection of Personal Data (the "UAE PDPL") and its Executive Regulations and other applicable UAE federal laws and regulations;
- The UK GDPR and the Data Protection Act 2018, where we process the personal data of individuals in the United Kingdom;
- The EU GDPR (Regulation (EU) 2016/679), where we process the personal data of individuals in the European Economic Area; and
- Any other data protection laws that apply to a particular engagement.
Where more than one law applies, we apply a consistent and high standard of privacy protection to all personal information, regardless of where you are located.
3. The Information We Collect
Personal data means any information relating to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data). Depending on how you interact with us, we may collect the following categories of personal data.
Identity Information
Name, job title, professional role and company name.
Contact Information
Email address, telephone number, postal address and billing address.
Project Information
Information relating to a design engagement, which may include property addresses, architectural drawings, interior layouts, floorplans, design briefs, site photographs, material specifications, project budgets, development information, contractor and consultant details, and project schedules and timelines.
Financial Information
Bank account details, invoicing information and payment records.
Technical Information
IP address, browser type, device information, website analytics data and cookie information.
Marketing and Communications Information
Newsletter subscriptions, communication preferences and event registrations.
Aggregated Data
We may also collect, use and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from personal data but is not treated as personal data in law, as it does not directly or indirectly reveal your identity. If we combine aggregated data with your personal data so that it can identify you, we treat the combined data as personal data.
Sensitive Personal Data
We do not generally seek to collect sensitive personal data, such as data revealing health, religious or philosophical beliefs, or biometric data. Where the nature of a project requires us to handle any such data, we will only do so with an appropriate legal basis and additional safeguards.
4. Project Confidentiality and High-Profile Clients
GILLARD Atelier regularly works with private individuals, family offices, developers, hospitality groups and other high-profile clients. Many of our projects involve private residences, luxury developments, hospitality assets and commercially sensitive environments, and we recognise that project information may be commercially sensitive or confidential.
We maintain strict internal controls and confidentiality obligations designed to protect project-related information. Such information may include property locations, floorplans, interior designs, client preferences, investment information, construction documentation and project photography. We will not disclose project details except where necessary for the delivery of your project or where required by law.
Where we wish to use project photography, renderings or completed project imagery for portfolio, marketing, awards submissions, press or publication purposes, we will obtain the necessary permissions before doing so.
5. How We Collect Your Information
Direct interactions
You may give us your information when you submit an enquiry, request a proposal, become a client, engage us on a project, attend an event, or otherwise correspond with us by post, telephone, email or in person.
Automated technologies
As you interact with our website, we may automatically collect technical data about your equipment and browsing actions using cookies and similar technologies.
Third parties and public sources
We may receive information about you from professional referrals, business partners, contractors and consultants, social media platforms, industry events and publicly available business sources.
6. How We Use Your Information
We use personal information for the following purposes:
- To deliver our services: To manage projects, prepare proposals, deliver design services and coordinate suppliers and consultants.
- To manage our client relationships: To respond to enquiries, provide updates, arrange meetings and maintain project communications.
- To operate our business: For financial administration, compliance obligations, security monitoring and risk management.
- To improve our services: Through website analytics, audience insights, service development and client-experience improvements.
- For marketing: Where permitted by law, we may send you studio updates, thought leadership, project showcases, industry insights and invitations to private events. You may unsubscribe or change your preferences at any time, as described in section 11.
7. Legal Basis for Processing
We will only process your personal data where the law allows us to. We rely on one or more of the following legal bases, depending on the purpose:
- Performance of a contract: where processing is necessary to enter into or carry out a contract with you, or to take steps at your request before doing so.
- Legitimate interests: where processing is necessary for our legitimate business interests, such as running, developing and promoting our practice, provided your interests and rights do not override those interests.
- Legal obligation: where processing is necessary to comply with a legal or regulatory obligation.
- Consent: where you have given clear, specific and informed consent, for example to receive certain marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
The principal ways in which we use your personal data, and the legal bases we rely on, are summarised below. Some activities may rely on more than one basis.
- Responding to enquiries: Legitimate interests.
- Delivering client projects: Performance of a contract.
- Invoicing, accounting and record-keeping: Legal obligation.
- Marketing communications: Consent.
- Website and analytics: Consent / legitimate interests.
Where consent is required under the UAE PDPL, that consent is freely given, specific, informed and unambiguous, and may be withdrawn easily at any time.
8. Sharing Your Information
We may share your personal data with the following categories of recipient, only where necessary and subject to appropriate confidentiality and data-protection obligations:
- Professional service providers: Lawyers, accountants, auditors and insurers.
- Technology providers: Trusted providers that support our operations, such as Microsoft 365, Google Workspace, Adobe, Xero, Stripe, Dropbox, Autodesk and our cloud hosting providers. We may update our service providers from time to time; an up-to-date list of the providers we use is available on request.
- Project delivery partners: Where required to deliver your project, including contractors, consultants, architects, engineers and suppliers.
- Business transfers and legal requirements: We may share data with parties involved in a sale, merger or reorganisation of our business, and with regulators, authorities or others where we are required to do so by law.
We require all third parties to respect the security of your personal data and to process it only on our instructions and for specified purposes.
We do not sell your personal data.
9. International Transfers
Because we work internationally and use service providers located in different countries, your information may be transferred to, and processed in, countries outside the one in which you are located, including outside the UAE, the UK and the EEA.
Whenever we transfer personal data across borders, we ensure a comparable level of protection by relying on at least one of the following safeguards:
- Transfers to countries recognised as providing an adequate level of data protection;
- Standard Contractual Clauses or equivalent contractual protections approved under the applicable law; or
- Other lawful transfer mechanisms, including, where appropriate, your explicit consent or the necessity of the transfer for the performance of a contract.
Please contact us if you would like more information about the specific safeguards applied to transfers of your personal data.
10. Cookies and Website Analytics
Our website uses cookies and similar technologies to distinguish you from other users, to help the site function and to improve it. We may use:
- Essential cookies: required for the operation of the website.
- Analytics cookies: such as Google Analytics and Google Search Console, to understand how visitors use the site.
- Marketing cookies: such as the Meta Pixel and LinkedIn Insight Tag, to make our content and advertising more relevant.
Where required by law, we will obtain your consent before placing non-essential cookies on your device. You can set your browser to refuse some or all cookies, although parts of the website may not function properly as a result.
Full details of the cookies we use are set out in our separate Cookie Policy, available on our website.
11. Marketing Choices
You will receive marketing communications from us only where you have requested them or have otherwise consented, and have not opted out. Where we are required to obtain consent, we will do so before sending the communication, and before sharing your data with any third party for their own marketing purposes.
You can ask us to stop sending you marketing messages at any time by using the unsubscribe link in our communications or by contacting us at dxb@gillardatelier.com. Opting out of marketing will not affect communications relating to a project or service we are providing to you.
12. Data Security
We maintain appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, disclosure, alteration and destruction. Access to personal information is limited to those individuals who require it for a legitimate business purpose, and who are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach, including internal escalation procedures, investigation processes and notification obligations where required by applicable law. Where we are legally required to do so, we will notify the relevant regulator, including the UAE Data Office under the PDPL, or the relevant supervisory authority under the GDPR, and any affected individuals.
13. Data Retention
We retain personal data only for as long as reasonably necessary to fulfil the purposes for which we collected it, including to satisfy any legal, regulatory, tax, accounting or reporting requirements, and to establish, exercise or defend legal claims. Typical retention periods are set out below.
- Client contracts and engagement records: 7 years after the end of the engagement.
- Financial and invoicing records: 7 years.
- Project files and design documentation: 7 years after project completion.
- Marketing subscribers: Until you unsubscribe or withdraw consent.
- Enquiries that do not become engagements: 24 months.
- Website analytics data: Up to 26 months.
Where legal or regulatory obligations require a longer period, we will retain the information accordingly. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use that information indefinitely.
14. Your Rights
Depending on the law that applies to you, you may have the right to:
- Request access to the personal data we hold about you;
- Request correction of inaccurate or incomplete data;
- Request erasure of your personal data;
- Object to the processing of your personal data;
- Request restriction of processing;
- Request the transfer of your personal data, also known as data portability; and
- Withdraw consent at any time where we rely on consent.
To exercise any of these rights, please contact us at dxb@gillardatelier.com.
Verifying your identity
We may need to request specific information to confirm your identity before responding to a request. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.
No fee, and our response time
You will not usually have to pay a fee to exercise your rights. We aim to respond to all legitimate requests within 30 days. Occasionally it may take longer if your request is complex or you have made a number of requests, in which case we will keep you informed.
15. Complaints
If you have a concern about how we handle your personal data, we would welcome the opportunity to resolve it, so please contact us first. You also have the right to lodge a complaint with the relevant regulator:
- In the UAE: the UAE Data Office;
- In the UK: the Information Commissioner's Office (ICO), www.ico.org.uk;
- In the EEA: the data protection supervisory authority in your country.
16. Children's Privacy
Our website and services are not directed at children, and we do not knowingly collect personal data relating to children. If you believe a child has provided us with personal data, please contact us so that we can take appropriate steps to remove it.
17. Third-Party Links
Our website may include links to third-party websites, plugins and applications. We do not control these third parties and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
18. Changes to This Policy
We keep this Privacy Policy under regular review and may update it from time to time. The latest version will always be available on our website, and the effective date above will be updated accordingly. Where changes are significant, we will take reasonable steps to notify you.
