Last Updated: 11/11/2025
Company: YJ Advisory L.L.C-FZ (“YJ Advisory”, “we”, “us”, “our”)
Registered Address: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Website: www.yjadvisory.com (the “Site”)
Contact: legal@yjadvisory.com or yoon@yjadvisory.com
YJ Advisory respects your privacy. This Privacy Policy explains what Personal Data we collect, how we use it, who we share it with, how long we keep it, and your rights. By using the Site or submitting information to us, you agree to this Policy.
This Policy covers:
Website visitors and inquiry form users
Prospective and current clients, counterparties, and partners across aviation, yachts, real estate, and fine art
Vendors and prospective vendors
If we enter into a mandate/engagement with you, the engagement may include additional privacy terms that prevail over this Policy where inconsistent.
1) Key Definitions
Personal Data: information relating to an identified or identifiable individual (e.g., name, email, phone, ID copies, KYC documents).
Processing: any operation on Personal Data (collection, use, disclosure, storage, deletion).
Controller: YJ Advisory determines purposes and means of processing Personal Data.
Applicable Law: UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and its Executive Regulations, and - where applicable - EU/UK GDPR and other local laws.
2) What We Collect
2.1 Data you provide to us
Contact details: name, email, phone/WhatsApp, organization, role.
Inquiry details: mandate type, asset interests (aircraft, yacht, real estate, fine art), message content.
KYC/AML (for transactions): ID documents, proof of address, corporate documents, shareholding and UBO information, sanctions/PEP screening results, source-of-funds data.
Engagement data: signed NDAs/NCNDAs, mandates, correspondence, transaction records, escrow instructions, invoices, payment confirmation.
Event/meeting data: scheduling preferences, call notes.
Vendor data: company info, contacts, bank details for payment.
2.2 Data we collect automatically (Site/communications)
Technical: IP address, device identifiers, browser type, OS, referrer, pages viewed, time on page, clickstream.
Cookies/trackers: strictly necessary cookies; with consent where required, analytics and performance cookies.
Email telemetry: open and click-through rates for our transactional emails (if applicable).
2.3 Data from third parties
Compliance providers: sanctions/PEP screening services, ID verification vendors.
Professional sources: law firms, MROs/FBOs, operators, shipyards, galleries, developers, brokers - where lawful and necessary to fulfill a mandate.
Public sources: company registries, sanctions lists, media.
We do not collect Special Category data unless legally required for KYC (e.g., sanctions/PEP checks) and then only under a lawful basis.
3) Why We Process Personal Data and Legal Bases
We process Personal Data for several purposes, each under a lawful basis permitted by applicable data protection laws.
We process your information to respond to inquiries, such as when you contact us through our website or by email to request information, schedule a meeting, or discuss potential mandates. This processing is necessary for our legitimate interests and, where relevant, to take pre-contractual steps at your request.
We process data to enter into and perform engagements, which includes executing NDAs or NCNDAs, managing mandates, sourcing and evaluating opportunities, conducting due diligence, coordinating with third parties, and completing transactions or closings. This processing is based on the performance of a contract and our legitimate interests in delivering our services.
For KYC, AML, and sanctions compliance, we collect and verify identification documents, beneficial ownership (UBO) information, and conduct screening for sanctions or politically exposed person (PEP) status. These activities are required by law and are carried out under our legal obligations and, where applicable, for reasons of substantial public interest.
We process data to protect confidentiality and integrity of transactions, including access control, non-circumvention protections, and safeguarding our contractual rights. This processing is done under our legitimate interests in maintaining secure and compliant operations.
For site operation, maintenance, and security, we use technical data to debug, prevent fraud, detect threats, and ensure proper website functionality. This is processed under our legitimate interests in maintaining a safe and reliable website.
We may process limited data for analytics and performance monitoring to understand how visitors use our website, improve usability, and optimize performance. Where required by law, we rely on your consent for such data, and otherwise on our legitimate interests where permitted.
We also process data to meet our legal and regulatory obligations, which includes maintaining proper records, accounting, responding to lawful requests from regulators or authorities, and asserting or defending legal claims. These activities are based on our legal obligations and legitimate interests.
Finally, we process data for vendor and partner management, including onboarding, payments, due diligence, and compliance verification. This processing is necessary for contract performance and our legitimate interests in managing our professional relationships.
We do not sell Personal Data. We do not conduct automated decision-making that produces legal or similarly significant effects.
4) Cookies and Similar Technologies
We use:
Strictly necessary cookies: security, session management.
Analytics cookies (e.g., Framer/first-party analytics or alternatives): page performance, traffic patterns.
No ad-tech/behavioral ads by default.
Your choices: You can manage cookies via your browser settings. Where consent is required by law, we will display a consent banner. Disabling certain cookies may affect Site functionality.
5) Disclosures to Third Parties
We share Personal Data only as needed and under confidentiality and security obligations:
Compliance/KYC providers: identity verification, sanctions/PEP screening.
Professional partners: operators, MROs/FBOs, inspectors, law firms, escrow/title agents, tax advisors, shipyards, galleries, developers - only when necessary to fulfill a mandate and subject to NDA/NCNDA where appropriate.
IT and hosting: Site hosting, email delivery, secure storage, productivity tools.
Payments/finance: banks, payment processors, accounting platforms.
Corporate transactions: merger, acquisition, reorganization - data shared under strict confidentiality.
Legal and authorities: where required by law or to establish, exercise, or defend legal claims.
We may share aggregated or de-identified information that cannot reasonably identify an individual.
6) International Transfers
We operate from the UAE with activity in the UK, Europe, Asia, and North America. Personal Data may be transferred and stored outside your country. We implement appropriate safeguards, such as contractual clauses and partner due diligence. For EEA/UK data subjects, we use recognized transfer mechanisms (e.g., EU SCCs/UK IDTA) where required.
7) Data Retention
We retain Personal Data only as long as necessary for the purposes above and to comply with legal, tax, and audit obligations. Typical periods:
Inquiry data: 12–24 months from last contact if no engagement.
Engagement records and KYC: contract term + 6–10 years (to meet regulatory and audit requirements).
Vendor records: contract term + 6–10 years.
Technical logs: 6–24 months, unless needed longer for security or legal reasons.
When no longer needed, data is securely deleted or anonymized.
8) Security
We employ administrative, technical, and physical measures appropriate to the risk, including role-based access controls, encryption in transit, hardened hosting, MFA on key systems, least-privilege access, and vendor security reviews. No system is perfectly secure. You are responsible for using secure channels and protecting any credentials.
9) Your Rights
Depending on your location, you may have rights to:
Access, rectify, or erase your Personal Data
Restrict or object to processing
Data portability (machine-readable copy)
Withdraw consent (where processing relies on consent)
Lodge a complaint with a supervisory authority
How to exercise: email legal@yjadvisory.com or yoon@yjadvisory.com. We may request identity verification. We will respond within applicable legal timelines.
Supervisory contacts (examples):
UAE PDPL: UAE Data Office (when formal procedures are published)
EEA: your local Data Protection Authority
UK: Information Commissioner’s Office (ICO)
10) Children’s Privacy
The Site and our services are not directed to children. We do not knowingly collect Personal Data from individuals under the age required by applicable law. If you believe a child provided data, contact legal@yjadvisory.com or yoon@yjadvisory.com.
11) Third-Party Links
The Site may contain links to third-party sites and services. We do not control their content or privacy practices. Review their policies separately.
12) Changes to this Policy
We may update this Policy periodically. We will post the updated version with a new Effective Date. Material changes may be notified on the Site. Continued use of the Site after changes means you accept the updated Policy.
13) How to Contact Us
Privacy Contact:
YJ Advisory L.L.C-FZ
Meydan Grandstand, 6th Floor
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates
Email: legal@yjadvisory.com or yoon@yjadvisory.com
If you are an EEA/UK data subject and want us to appoint an EU/UK representative, tell us and we will provide representative contact details once appointed.
14) Regional Addenda (if applicable)
14.1 EEA/UK Addendum
When the GDPR/UK GDPR applies, YJ Advisory acts as Controller. Lawful bases are described in Section 3. You may lodge a complaint with your local DPA or the UK ICO.
14.2 California Addendum (Optional)
We are not a “business” selling Personal Information under the CCPA/CPRA. If California law applies, you have rights to access, delete, correct, and opt-out of “sharing” (if any). Submit requests to legal@yjadvisory.com or yoon@yjadvisory.com.
15) Cookie Summary (for your Cookie Banner/Notice)
Strictly necessary: session, security, load balancing.
Analytics (consent where required): traffic, performance, UX metrics.
No advertising cookies by default.
You can adjust preferences via browser settings or our cookie banner (where implemented).