Privacy and Personal Data Protection Policy
Effective Date: 05 May 2025
At Data Direct Group, we are dedicated to protecting your personal data and respecting your privacy. This Privacy and Personal Data Protection Policy outlines how we collect, process, share, and protect the personal information of individuals, in line with the UAE Personal Data Protection Law (PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR). The policy applies to all individuals whose personal data we process, including clients, partners, employees, and users of our services and website.
We collect personal data only when it is necessary for clearly defined, lawful purposes. The types of data we may collect include identity and contact information such as your name, address, email, and phone number; financial data such as bank details and payment records; employment-related information; and technical data such as IP addresses and browser details through cookies and analytics tools. We may also collect information from third-party sources such as verification agencies and publicly available databases. We do not knowingly collect data from individuals under the age of 18 without verified parental or guardian consent.
Our processing activities are always based on a valid legal ground. These include the need to perform a contract with you, comply with legal obligations, pursue legitimate business interests, protect vital interests, and fulfill tasks in the public interest or under official authority. Where none of these apply, we will seek your explicit consent. You can withdraw your consent at any time by contacting our Data Protection Officer.
We use your personal data to provide and improve our services, communicate with you, fulfill legal and contractual requirements, conduct internal operations, and perform analytics or marketing activities (only with your consent). We limit access to your data to only those who need it for legitimate purposes and ensure that your rights and freedoms are always respected.
We may share your data with trusted third parties such as IT providers, cloud platforms, marketing agencies, professional advisers, and legal authorities. Internal sharing within the Data Direct Group may occur to support HR, IT, finance, legal, and marketing operations, but only when there is a clear business need and appropriate safeguards are in place. If data is transferred outside the UAE or EEA, we ensure that such transfers are done securely and in compliance with legal requirements, using mechanisms like data sharing agreements or standard contractual clauses.
Data retention is limited to the period necessary for the purpose it was collected, or as required by law. Once the retention period has expired, data is securely deleted or anonymized. We apply strong technical and organizational security measures to protect your personal data from unauthorized access, loss, or misuse. These include encryption, secure access controls, staff training, regular audits, and incident response procedures.
In the event of a data breach, we will notify the relevant supervisory authority within 72 hours if there is a risk to individuals’ rights or freedoms, and we will inform affected individuals when legally required. We maintain internal procedures to handle such incidents swiftly and transparently.
As a data subject, you have several rights under PDPL and GDPR. These include the right to access your personal data, request correction or deletion, restrict processing, object to certain uses (including automated decisions or direct marketing), and request data portability. You also have the right to withdraw consent and lodge a complaint if you believe your data is being misused. To exercise any of these rights, please contact our Data Protection Officer.
Data Direct Group is responsible for monitoring compliance with this policy and applicable data protection laws. This includes conducting internal audits, advising on privacy matters, overseeing data processing activities, and serving as the primary point of contact for data subjects and regulatory authorities. If you would like to exercise your rights or raise any objections related to the use of your personal data, you may contact our Data Protection Officer at dpo@datadirect.ae.
This policy is reviewed regularly and may be updated to reflect changes in our data practices, business operations, or legal requirements. All updates will be posted on our website with the effective date. We encourage you to review this policy periodically and contact us if you have any questions or concerns.