DexNet Information Technology CO, with the registration number 993835, registered at 1008 Conrad Business Tower, Sheikh Zayed Road - Dubai, UAE. (hereinafter referred to as the “Company” or “We”) is committed to protecting and respecting your privacy.
This Privacy Policy (hereinafter referred to as the “Privacy Policy”) govern your access to and use of this Website, www.dexnet.one (hereinafter referred to as the “Website”) and associated content. Therefore, the Company wants to assure you the highest standards of confidentiality and transparency regarding the personal data that are processed when you access our Website or use our Services.
Through this Privacy Policy, the Company offers you the insurance that the Company comply with the applicable legislation on the protection of personal data, including, but not limited to the provisions of the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL).
Since the Company processes a series of personal data the moment you access and use our website, we want to provide assurances that the processing will take place in compliance with the principles of transparency and security of personal data. This privacy policy is intended to help you understand which personal data we collect, the purpose for which the data are collected and what will happen to your data after they have been collected. This Privacy Policy applies to all the Users and Clients of our website. Within the meaning of the present Privacy Policy, the “User” is any natural or legal person whom accesses the content of our website and the “Client” is any natural or legal person who uses/contracts the services offered by the Company on the Website.
We invite you to carefully read the entire content of the Privacy Policy before you start using our Website or our Services.
In applying the provisions of the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL), the following words and expressions used in this document shall have the meanings assigned to each, unless the context otherwise requires: State: United Arab Emirates.
Office: The UAE Data Office established by virtue of Federal Decree-Law No. 44/2021 referred to above.
Data: An organized or unorganized set of data, facts, concepts, instructions, views, or measurements, in the form of numbers, letters, words, symbols, images, videos, signs, sounds, maps, or any other form, that is interpreted, exchanged or processed by humans or computers, which also includes information wherever it appears herein.
Personal Data: Any data relating to an identified natural person, or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. It also includes Sensitive Personal Data and Biometric Data.
Sensitive Personal Data: Any data that directly or indirectly reveals a natural person's family, racial origin, political or philosophical opinions, religious beliefs, criminal records, biometric data, or any data related to the health of such person, such as his/her physical, psychological, mental, genetic or sexual condition, including information related to health care services provided thereto that reveals his/her health status.
Biometric Data: Personal Data resulting from Processing, using a specific technique, relating to the physical, physiological or behavioral characteristics of a Data Subject, which allows or confirms the unique identification of the Data Subject, such as facial images or dactyloscopic data. Data Subject: The natural person who is the subject of the Personal Data.
Establishment: Any company or sole proprietorship established inside or outside the State, including companies which the federal or local government partially or wholly owns or has a shareholding therein.
Controller: An establishment or natural person who has Personal Data and who, given the nature of his/her activity, specifies the method, criteria and purpose of Processing such Personal Data, whether individually or jointly with other persons or establishments.
Processor: An establishment or natural person who processes Personal Data on behalf of the company, as directed and instructed by the company.
Data Protection Officer: Any natural or legal person appointed by the company or Processor to undertake the responsibilities of ascertaining the compliance of his/her entity with the controls, conditions, procedures and rules for Processing and protecting Personal Data stipulated herein, and ascertaining the integrity of its systems and procedures in order to ensure compliance with the provisions hereof.
Processing: Any operation or set of operations which is performed on Personal Data using any electronic means, including Processing and other means. This process includes collection, storage, recording, organization, adaptation, alteration, circulation, modification, retrieval, exchange, sharing, use, or classification or disclosure of Personal Data by transmission, dissemination or distribution, or otherwise making it available, or aligning, combining, restricting, blocking, erasing or destroying Personal Data or creating models therefor.
Automated Processing: Processing that is carried out using an electronic program or system that is automatically operated, either completely independently without any human intervention, or partially independently with limited human supervision and intervention.
Personal Data Security: A set of technical and organizational measures, procedures and operations, specified according to the provisions hereof, aimed at protecting the privacy, secrecy, safety, unity, integrity and availability of Personal Data.
Pseudonymization: The Processing of Personal Data in such a way that the data, after completion of Processing, can no longer be linked and attributed to the Data Subject without the use of additional information, as long as such additional information is kept separately and safely and subject to the technical and organizational measures and procedures, specified according to the provisions hereof, to ensure non-attribution of Personal Data to an identified or identifiable natural person. Anonymization: The Processing of Personal Data in such a way that anonymizes the Data Subject's identity so that such data can no longer be linked and attributed to the Data Subject and the Data Subject can no longer be identified in any way whatsoever.
Data Breach: A breach of information security and Personal Data by illegal or unauthorized access, including copying, sending, distributing, exchanging, transmitting, circulating or Processing data in a way that leads to disclosure thereof to third parties, or damage or alteration thereof during the processes of storage, transmission and Processing.
Profiling: A form of Automated Processing consisting of the use of Personal Data to evaluate certain personal aspects relating to a Data Subject, including to analyze or predict aspects concerning his/her performance, economic situation, health, personal preferences, interests, behavior, location, movements or reliability.
Cross-Border Processing: Dissemination, use, display, transmission, receipt, retrieval, sharing or Processing of Personal Data outside the territory of the State.
Consent: The consent given by a Data Subject to authorize third parties to process his/her Personal Data, provided that such consent is a specific, informed and unambiguous indication of the Data Subject's agreement to the Processing of his/her Personal Data, by a statement or by a clear affirmative action.
The PDPL applies to the processing of personal data by any data controller or data processor located in the UAE processing the personal data of data subjects residing or working within or outside the UAE. It covers the personal data of data subjects residing or working in the UAE and to any data controller or data processor established outside the UAE carrying out processing activities about data subjects in the UAE.
Controller, Processor and Data Protection Officer, for the purposes of PDPL and other data protection laws applicable, is the Company: DexNet Information Technology CO, registration number 993835, registered at 1008 Conrad Business Tower, Sheikh Zayed Road - Dubai, UAE
Any Data subject may, at any time, contact our Data Protection Officer, directly with all questions and suggestions concerning data protection, at the following email address: [email protected].
Your personal data is processed in accordance with the following principles:
1. Processing must be made in a fair, transparent and lawful manner.
2. Personal Data must be collected for a specific and clear purpose, and may not be processed at any subsequent time in a manner incompatible with that purpose. However, Personal Data may be processed if the purpose of Processing is similar or close to the purpose for which such data is collected.
3. Personal Data must be sufficient for and limited to the purpose for which the processing is made.
4. Personal Data must be accurate and correct and must be updated whenever necessary.
5. Appropriate measures and procedures must be in place to ensure erasure or correction of incorrect Personal Data.
6. Personal Data must be kept securely and protected from any breach, infringement, or illegal or unauthorized Processing by establishing and applying appropriate technical and organizational measures and procedures in accordance with the laws and legislation in force in this regard.
7. Personal Data may not be kept after fulfilling the purpose of Processing thereof. It may only be kept in the event that the identity of the Data Subject is anonymized using the “Anonymization” feature.
8. Any other controls set by the Executive Regulations of the PDPL.
The Company receives and stores information containing personal data when you:
As a result of the actions identified above, the Company collects from you the following categories of personal data: Name, Surname, E-mail address, Telephone Number, Address of residence, Date and Place of birth, Economic profile, Information about your personal knowledge and experience in relation to services provided by the Company, the types of browser and versions you use, the date and the time of accessing the website, the internet protocol address (IP address), geographic location, the operating system used, the behavioral browsing trends, information related to their account and any other personal data which are transmitted or made known as a result of communication with the Company.
We receive and store certain types of information each time you interact with us. As stated, we use "cookies" and obtain certain types of information when the web browser accesses www.dexnet.one or advertisements and other types of content served by or on behalf of the Company on the Website. We invite you to learn more accessing the Cookies Policy.
The Company processes personal data for one or more of the following purposes:
There are cases when the personal data is processed also for secondary purposes (eg. for archiving, for internal or external audit etc.), which are always compatible with the main purposes for which the data were collected. In cases where the personal data may be used for other purposes than those mentioned above, your consent will be required in advance, unless there is a legal obligation or there is another legal basis for the processing of data.
1. In order for the Company to accept the Consent of the Data Subject to Processing, the following conditions must be met:
A. The Company must be able to prove the Consent of the Data Subject to process his/her Personal Data, if consent is relied upon as a lawful basis for the processing of his/her personal data.
B. The Consent must be given in a clear, simple, unambiguous and easily accessible manner, whether in writing or electronic form.
C. The Consent must indicate the right of the Data Subject to withdraw it and that such withdrawal must be easily made.
2. The Data Subject may, at any time, withdraw his/her Consent to the Processing of his/her Personal Data. Such withdrawal shall not affect the legality and lawfulness of the Processing made based on the Consent given prior to the withdrawal.
3. It is prohibited to process Personal Data without the consent of the Data Subject. However, the following cases, in which Processing is considered lawful, are excluded from such prohibition:
a. if the Processing is necessary to protect the public interest.
b. if the Processing is for Personal Data that has become available and known to the public by an act of the Data Subject.
c. if the Processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures
d. if the Processing is necessary for the purposes of occupational or preventive medicine, for assessment of the working capacity of an employee, medical diagnosis, provision of health or social care, treatment or health insurance services, or management of health or social care systems and services, in accordance with the legislation in force in the State.
e. if the Processing is necessary for the purposes of occupational or preventive medicine, for assessment of the working capacity of an employee, medical diagnosis, provision of health or social care, treatment or health insurance services, or management of health or social care systems and services, in accordance with the legislation in force in the State.
f. if the Processing is necessary to protect public health, including the protection from communicable diseases and epidemics, or for the purposes of ensuring the safety and quality of health care, medicines, drugs and medical devices, in accordance with the legislation in force in the State.
g. if the Processing is necessary for archival purposes or for scientific, historical and statistical studies, in accordance with the legislation in force in the State.
h. if the Processing is necessary to protect the interests of the Data Subject.
i. if the Processing is necessary for the Company or Data Subject to fulfill his/her obligations and exercise his/her legally established rights in the field of employment, social security or laws on social protection, to the extent permitted by those laws.
j. if the Processing is necessary to perform a contract to which the Data Subject is a party or to take, at the request of the Data Subject, procedures for concluding, amending or terminating a contract.
k. if the Processing is necessary to fulfill obligations imposed by other laws of the State on Controllers.
l. any other cases set by the Executive Regulations of the PDPL.
In accordance with the provisions of Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL), you have the following rights:
1. The Right to Obtain Information
The Data Subject, based on a request submitted thereby to the Company, has the right to obtain the following information without charge:
a. the types of his/her Personal Data that is processed.
b. purposes of Processing.
c. decisions made based on Automated Processing, including Profiling.
d. targeted sectors or establishments with which his/her Personal Data is to be shared, whether inside or outside the State.
e. controls and standards for the periods of storing and keeping his/her Personal Data.
f. procedures for correcting, erasing or limiting the Processing and objection to his/her personal data.
g. protection measures for Cross-Border Processing made in accordance with PDPL provisions.
h. procedures to be taken in the event of a breach or infringement of his/her Personal Data, especially if the breach or infringement poses a direct and serious threat to the privacy and confidentiality of his/her Personal Data.
i. the process of filing complaints with the Office.
2. The Right to Request Personal Data Transfer
a. The Data Subject has the right to obtain his/her Personal Data provided to the Company for Processing in a structured and machine-readable manner, so long as the Processing is based on the Consent of the Data Subject or is necessary for the fulfillment of a contractual obligation and is made by automated means.
b. The Data Subject has the right to request the transfer of his/her Personal Data to another Controller whenever this is technically feasible.
3. The Right to Correction or Erasure of Personal Data
a. The Data Subject has the right to request the correction or completion of his/her inaccurate Personal Data held with the Company without undue delay.
b. Without prejudice to the legislation in force in the State and what is required by the public interest, the Data Subject has the right to request the erasure of his/her Personal Data held with the Company in any of the following cases:
- if his/her Personal Data is no longer required for the purposes for which it is collected or processed.
- if the Data Subject withdraws his/her Consent on which the Processing is based.
- if the Data Subject objects to the Processing or if there are no legitimate reasons for the Company to continue the Processing.
- if his/her Personal Data is processed in violation of the provisions hereof and the legislation in force, and the erasure process is necessary to comply with the applicable legislation and approved standards in this regard.
c. With the exception of what is stated above, the Data Subject has no right to request erasure of his/her Personal Data held with the Company in the following cases:
- if the request is for the erasure of his/her Personal Data related to public health and held with private establishments.
- if the request affects the investigation procedures, claims for rights and legal proceedings or defense by the Company.
- if the request conflicts with other legislation to which the Company is subject.
- d. any other cases set by the Executive Regulations of the PDPL.
4. The Right to Restrict Processing
4.1. The Data Subject has the right to oblige the Company to restrict and stop Processing in any of the following cases:
a. if the Data Subject objects to the accuracy of his/her Personal Data, in which case the Processing shall be restricted to a specific period allowing the Company to verify accuracy of the data.
b. if the Data Subject objects to the Processing of his/her Personal Data in violation of the agreed purposes.
c. if the Processing is made in violation of the provisions hereof and the legislation in force
4.2. The Data Subject has the right to request the Company to continue to keep his/her Personal Data after fulfillment of the purposes of Processing, if such data is necessary to complete procedures related to claiming or defending rights and legal proceedings.
4.3. Notwithstanding the provisions of Item (1) of this Article, the Company may proceed with the Processing of the Personal Data of the Data Subject without his/her Consent in any of the following cases:
a. if the Processing is limited to storing Personal Data.
b. if the Processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial procedures.
c. if the Processing is necessary to protect the rights of third parties in accordance with the legislation in force.
d. if the Processing is necessary to protect the public interest.
4.4. In all cases, the Company shall notify the Data Subject in the event of lifting the restriction stipulated in this Article.
5. The Right to Stop Processing
The Data Subject has the right to object to and stop the Processing of his/her Personal Data in any of the following cases:
1. if the Processing is for direct marketing purposes, including Profiling related to direct marketing.
2. if the Processing is for the purposes of conducting statistical surveys, unless the Processing is necessary to achieve the public interest.
3. if the Processing is in violation of the provisions of Article V hereof.
6. The Right to Processing and Automated Processing
1. The Data Subject has the right to object to decisions issued with respect to Automated Processing that have legal consequences or seriously affect the Data Subject, including Profiling.
2. Notwithstanding the provisions of Item (1) of this Article, the Data Subject may not object to the decisions issued with respect to Automated Processing in the following cases:
a. if the Automated Processing is included in the terms of the contract entered into between the Data Subject and Controller.
b. if the Automated Processing is necessary according to other legislation in force in the State.
c. if the Data Subject has given his/her prior Consent on the Automated Processing in accordance with the conditions set out in Article VIII hereof.
3. The Company shall apply appropriate procedures and measures to protect the privacy and confidentiality of the Personal Data of the Data Subject in the cases referred to in Item (2) of this Article, without prejudice to his/her rights.
4. The Company shall engage human resources in reviewing Automated Processing decisions, at the request of the Data Subject.
10.1 We apply the highest standards to protect and secure Personal Data, in order to maintain its confidentiality and privacy, such as, but not limited to:
1. Apply technical and organizational security politics and procedures in order to protect the personal data against loss, infringement, destruction, alteration, unauthorized changes, disclosure, access or use, and any other form of illegal processing or possession.
2. Apply appropriate measures in order to comply with the provisions of the PDPL, including compliance with the principles settled by PDPL, encryption of Personal Data and application of Pseudonymization, application of procedures and measures that ensure the confidentiality, safety, validity and flexibility of Processing systems and services, application of procedures and measures that ensure the timely retrieval and access of Personal Data in the event of any physical or technical failure.
3. Apply appropriate technical and organizational measures with respect to default settings to ensure that the Processing of Personal Data is limited to its intended purpose. This obligation applies to the amount and type of Personal Data collected, the type of Processing to be made thereon, and the period of storage and accessibility of such data.
4. Maintain a special record of Personal Data which include the data of the Company and Data Protection Officer, as well as a description of the categories of Personal Data held thereby, data of the persons authorized to access Personal Data, the Processing durations, restrictions and scope, the mechanism of erasure, modification or Processing of Personal Data, the purpose of Processing and any data related to the movement and Cross-Border Processing of such data, while indicating the technical and organizational procedures related to information security and Processing operations, provided that the Company provides this record to the Office whenever requested to do so.
10.2. However, given that no transmission or storage of data is 100% secure, regardless of whether it is electronic or physical, if we find out about a breach of our security system, we will inform both you and the competent authorities about the occurrence of the breach and any relevant information related to the security incident that occurred, in accordance with the law in force, within such period and in accordance with such procedures and conditions as set by the Executive Regulations of the PDPL.
10.3. We do not use automated decision-making (automated processing, including profiling) that has legal implications or seriously affects the data subject.
10.4. Before processing a Data subject’s personal data, we will provide the Data subject with a ”Privacy Notice”, which will include the following information:
- purposes of Processing,
- targeted sectors or establishments with which his/her Personal Data is to be shared, whether inside or outside the State,
- protection measures for Cross-Border Processing made in accordance with article XII herein.
Your personal data will be kept by the Company long enough for it to be processed for its stated purpose, as described in Article VII herein.
In cases where there is a legal obligation or a legitimate interest in keeping your personal data, the Company will ensure the confidentiality of the data to which has access or become aware of for as long as is necessary for the exercise of the legitimate interest or the obligation imposed by law. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below:
- Contact Information such as your name, email address, telephone number, postal address, proccessed for the following means: in order to fulfill a contract, in order to provide the requested products or services, are retained as long as they are needed to fulfill the contractual obligations and provide the requested products or services.
- Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
- Information collected via technical means such as cookies, web page counters and other analytics tools is kept until the cookie expires.
When Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that identifies you or we will securely destroy the records, where permissible. However, we may need to maintain records for a significant period of time (after you cease using a particular Service) as mandated by regulation.
DexNet Information Technology CO is located in Dubai, UAE and the terms of this Privacy Policy shall be governed by and construed in accordance with UAE legislation, without regard to any principles of conflicts of law.
Regardless of your geographical location, by accessing the Website and Services and providing personal information through it, you agree and acknowledge and consent to the collection, maintenance, processing, and transfer of such information worldwide.
Other jurisdictions may have different privacy laws from your home jurisdiction and provide different levels of protection of personal information, but in all cases We have processes and procedures in place to provide adequate levels of protection to protect the transfer of your personal data.
1. Cross-Border Personal Data Transfer and Sharing for Processing Purposes if there is an Adequate Level of Protection Personal Data may be transferred outside the State in the following cases approved by the Office:
a. if the country or territory to which the Personal Data is to be transferred has special legislation on Personal Data Protection therein, including the most important provisions, measures, controls, requirements and rules for protecting the privacy and confidentiality of the Personal Data of the Data Subject and his/her ability to exercise his/her rights, and provisions related to imposing appropriate measures on the Company or Processor through a supervisory or judicial authority.
b. if the State accedes to bilateral or multilateral agreements related to Personal Data Protection with the countries to which the Personal Data is to be transferred.
2. Cross-Border Personal Data Transfer and Sharing for Processing Purposes if there is not an Adequate Level of Protection With the exception of what is stated above, Personal Data may be transferred outside the State in the following cases:
a. In countries where there is no data protection law, Establishments operating in the State and in those countries may transfer data under a contract or agreement that obliges the Establishment in those countries to implement the provisions, measures, controls and requirements set out herein, including provisions related to imposing appropriate measures on the Company or Processor through a competent supervisory or judicial authority in that country, which shall be specified in the contract.
b. The express Consent of the Data Subject to transfer his/her Personal Data outside the State in a manner that does not conflict with the security and public interest of the State.
c. If the transfer is necessary to fulfill obligations and establish, exercise or defend rights before judicial authorities.
d. If the transfer is necessary to enter into or execute a contract between the Company and Data Subject, or between the Company and a third party to achieve the Data Subject's interest.
e. If the transfer is necessary to perform a procedure relating to international judicial cooperation.
f. If the transfer is necessary to protect the public interest. You agree that the terms of this Privacy Policy will apply and you consent to the transmission and processing of your personal information in any jurisdiction.
We work closely with other partners. There are cases when third parties’ companies operate through our website providing ads for advertising and marketing purposes, which is why we may need to disclose the personal data you provide to us. In other words, the Company contracts services with other companies or individuals to perform functions on our behalf. Examples include e-mail and data analysis, marketing support, search results and links. They may have access to the personal data provided to us only for the purpose of carrying out their duties.
The Company may also provide the personal data and relevant documents containing such data to other third parties with whom it is in a contractual relationship, to their agents and to other authorized persons, but only under a confidentiality agreement through which the third parties guarantee that these data are kept secure and only for the purposes specified in the present Privacy Policy.
The Company also reserves the right to disclose your personal data, when this is required in order to comply with the enforcement legislation and / or at the request of the competent authorities; in order to implement the Privacy Policy; to protect the property rights against any claims of third parties, to protect the security or integrity of services and any equipment used, respectively to ensure the safety of the Company or other persons against fraudulent, abusive or illegal uses.
Except the situations identified above, you will be notified whenever your personal data may be disclosed to third parties and you will have the right to refuse such a disclosure.
In addition, the Company limits access to your personal data to those employees and other third parties who require access to limited data of Clients. They will process your personal data on our instructions and they are subject to a duty of confidentiality.
Our website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy notice of every website you visit.
The DexNet Information Technology CO’s services are not intended for minors, persons that have not reached legal age, and we do not knowingly collect information from minors.
The persons that have not reached legal age should not submit any personal information without the permission of their parents or guardians. By accessing and browsing our Website, you are representing that you have reached legal age or that you are a minor and have your parents’ or guardians’ permission to use our Website or our Services.
Our Privacy Policy may change from time to time, but we assure you that your rights will not be affected under these changes without your explicit consent. We will publish any changes to the privacy policy in visible places to make it easy to identify updates and to be aware of its contents.
1. The website of the DexNet Information Technology CO contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us.
If you wish to contact us or request the exercise of any of your rights stipulated herein or file a complaint, please feel free to do so by the website quick electronic contact or at the following email address [email protected] or at our mailing address:
DexNet
InformationTechnology CO,
registration number 993835,
registered at 1008 Conrad
Business Tower,
Sheikh Zayed Road
Dubai, UAE.
2. You may also file a complaint with the Office if you have reasons to believe that we process your Personal Data in violation of the provisions of PDPL, in accordance with the procedures and rules established by the Office in this regard.