ZAINTECH SOLUTIONS FZ-LLC (ZAINTECH)

PERSONAL DATA PROTECTION AND PRIVACY POLICY

ZainTech Solutions FZ-LLC and its subsidiaries and affiliates (“ZainTECH”) operating in the information technology, cloud, digital services, cybersecurity, drone and robotics and digital financial services domains in the Middle East and North Africa region are subject to laws, regulations, determinations, and decisions enacted and promulgated by the relevant legislative bodies and regulatory authorities in each respective jurisdiction.

The protection and privacy of personally identifiable information (PII) entrusted to ZainTECH by customers, clients, employees, suppliers, stakeholders, local and international strategic partners, and other individuals ZainTECH works with are paramount to the organisation. We are committed to protecting and respecting the privacy of all data subjects who engage with the company securely and transparently to comply with applicable legislation.

This Privacy Policy sets out the principles and guidelines for collecting, processing, storing, and disclosing personal data in line with applicable laws and regulations. This Privacy Policy replaces all previous versions and applies from [2nd of January 2024].

Applicable Jurisdictions

We provide customer services and employ personnel primarily in Kuwait, Saudi Arabia, Bahrain, Jordan, Iraq, Egypt, South Sudan, and the United Arab Emirates.

To whom does this Privacy Policy Apply?

This Privacy Policy applies to the following:

• Current, Prospective and Former Customers
• Employees
• Individuals who use our website
• Nominated individuals acting under a power of attorney
• Shareholders
• Suppliers, local and strategic partners

Data Protection Principles

We adopt the following core data protection principles:

• Respect for Privacy: We respect the privacy rights of individuals and ensure that their data is collected, processed, and stored in accordance with applicable legislation.
• Lawfulness: We only collect, process, and store personal data necessary for legitimate purposes.
• Data Minimisation: We limit the collection of personal data to what is necessary and relevant for our business purposes.
• Accuracy: We take reasonable steps to ensure that personal data is accurate, up-to-date, and complete.
• Retention: We retain personal data only for as long as necessary to fulfil the purposes for which we collect such data. Data no longer in use is disposed of securely.
• Security: We store personal data in secure systems and protect personal data with appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction
• Sharing with Third Parties: We only transfer personal data to third parties who have adopted. appropriate safeguards where it is necessary to pursue the legitimate interests of the data controller or third party to whom personal data has been disclosed, provided it is not in violation of fundamental rights and freedoms of the data subject and in compliance with personal data protection laws accordingly.

Definition of Personal Data or Information

We define personal data as follows:

“Any information, whatever its source or form, relating to or that could lead to the specific knowledge of a natural person or make it possible to identify him/her directly or indirectly by reference to one or more identifiers – either alone or when combined with other information that is linked or linkable to a specific individual(personally identifiable information (PII)) using all means the data controller or any other person uses or may have access to”.

Personally identifiable information we could collect include one or more of the following:

• A person’s name, gender, date of birth, identity document number (including passport numbers, identification numbers, driving licence, and employee numbers)
• A person’s delivery or billing addresses, telephone number, fax number, email address, social media handles, log-in identification information, IP address and cookie IDs
• A person’s employment status, job function, job title and employment or business address
• A person’s biometric information – limited to fingerprints
• A person’s current location information and location history
• A person’s banking information, debit card or credit card details
• A person’s preferences for products and services, specific products purchased and in use or previously in use and the channels used to purchase
• A person’s demographic information, education level, occupation, household income, interests, and activities
• Employees Only: Employment information including compensation and remuneration history
• Sensitive personal data will not be processed without the explicit consent of the data subject except where: specific exemption is permitted by law (such as employment or pursuing legal claims) or regulations, Data Protection Authority approval has been obtained where exemptions do not apply, or a permit has been secured for Data Protection Authority and adequate safeguards are in place for the purposes of processing. Sensitive personal data will be prohibited from being transferred to jurisdictions offering inadequate levels of protection.

Data Sources

We collect personal data when prospective customers access our website and online portal, or throughout our contractual relationship with our customers or suppliers. We track visits to our website to ensure that we can serve our visitors in the best possible way and improve our services further. We also collect personal information of our employees or employees of third-party contractors or service providers and strategic local or international partners through our procurement registration process or other engagement touchpoints. We will receive information from credit reference agencies if we need to conduct a credit check.

Lawful Basis for Data Processing

We collect, process, or disclose personal data (including to third parties) for specific and legitimate purposes. We do not only rely on consent as the basis for collecting personal data. Instead, in line with applicable laws, where appropriate, we adopt other lawful bases to serve our customers and stakeholders.

• Contractual Performance:The personal data protection legislation in most jurisdictions where we operate permits us to process such data where this is objectively necessary for performing or initiating a valid contract with a potential customer or supplier for ZainTECH products and services.
• Legitimate Business Interests:Again, the personal data protection legislation in most jurisdictions allows us to undertake the processing of personal data, for example, fraud prevention, maintaining the security of our services, and the improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to ensure they do not override the rights of data subjects – an essential requirement under law.
• Commercial Purposes:Personal data may be processed in the context of commercial purposes, i.e.: in the context of marketing, promotions, cross-promotions, location-based services and research and analytics (please see the section titled ‘Definition of Personal Data or Information’ for greater detail).
• Person’s Vital Interests: Sometimes, we process or disclose your information where necessary to protect your vital interests or those of another person. For example, in cases of a medical emergency or an accident, we may process and disclose your location information to paramedics.
• Compliance with a Mandatory Legal Obligation:We may process your data where we must comply with a legal obligation, such as the country’s accounting and tax regulations concerning electronic communications and financial services or where there are mandatory data retention requirements.
• Substantial Public Interest:We may process your data to assist in detecting and preventing fraud, tax evasion and financial crime. Consent:If ZainTECH does not elect to rely on any other lawful basis, we will seek your consent to process your data before doing so. In line with applicable legislation, you may withdraw your consent anytime. When you grant your consent, we will give you details on how you could withdraw such consent.

Handling Children's Information

ZainTECH is a strong advocate and champion of the cause of child rights and protections. As a general rule, we do not knowingly process the personal data of children under the legal age permitted in the relevant jurisdiction (13, 16 or 18 in some countries) unless we have consent from their guardians. Where we have designed services for use by children under the legal age, we will seek the guardians’ consent and inform them of their privacy rights.

How we use your personal information

We collect and process your personal information for the following purposes:

• To onboard or register you as a customer on our service platform
• To address any enquiries you may have about our products, services or service delivery platforms
• To perform credit checks when you apply for a contract for any products or services with us
• To provide you with the service we have contracted to provide to you
• To bill you for using the products and services or to take the appropriate amount of credit from you experience
• To develop new products and services to meet future needs or to conduct statistical analysis and studies which we may share with third parties through the processing of anonymised and disaggregated data which is not linked back to you in any way
• To prevent fraud
• To comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests We may monitor your use of the services and record any calls made to ZainTECH’s Contact Centre for training, financial control, quality control and regulatory purposes.

Sharing, Transferring and Disclosing Your Personal Data

In compliance with applicable legislation and following sound business practices, ZainTECH implements appropriate mechanisms to keep your personal information confidential. None of your information (as collected from you) is sold to third parties. However, there are specific reasons why we may be required to share your data with third parties who have adopted appropriate safeguards.

We may share or transfer your personal information with our subsidiaries, affiliated companies, and trusted third parties, including agents, resellers, subcontractors, and suppliers who are directly involved in the services you ordered. We may disclose your personal information to an authorised third party if such disclosure is mandated by law and permitted by the applicable laws and regulations of the country or by the personal data protection authority, the national telecommunications regulatory authority, the financial services regulatory authority, or any other relevant government agency. Such disclosure may be necessary to comply with a legal obligation or a court order in connection with judicial proceedings or to protect our customers’ and others’ rights or safety or at the request of a law enforcement agency.

However, without obtaining your prior express consent, we shall not share or use your personal information with our affiliates or any third party not directly involved in providing the services.

Some purposes may constitute a necessary basis for processing information or sharing it with third parties, provided it is not in breach of the fundamental rights of the data subject, including where there is a relevant and appropriate relationship between the data subject and controller or third party, (i.e. where the data subject is a client or in the service of the controller) or where legal purposes are present for public authorities to process personal data.

The General Data Protection Regulation define third parties as the following:

“A natural or legal person, public authority, agency or body, other than the data subject, controller, processor and persons who, under the direct authority of the controller, processor and persons who, under the direct authority of the controller or process, are authorised to process personal data.”

International Data Transfers

ZainTECH will not transfer your information outside the country where you reside (“Home Jurisdiction”) except in accordance with the rules set out in the applicable laws or regulations of the Home Jurisdiction. We will have a contract in place with the data recipient to ensure that your information is adequately protected, and we will remain bound by our obligations under applicable data protection laws even when your personal information is processed outside of the Home Jurisdiction. The measures we use to protect your data in this instance are security reviews of the organisations and contractual model clauses approved for use by the data protection authority in the Home Jurisdiction.

Data Subject Rights

In line with applicable laws and regulations, we have outlined specific rights to which you are entitled pertaining to our processing of your personal data. If you wish to exercise any of the rights below or have a question or cannot find the answer, please refer to our contact section below and a dedicated team member will respond.

• Right to Information: You have a right to know why we are processing your data.
• Right to Access Personal Data: You have the right to request a copy of the personal data that ZainTECH holds about you in a machine-readable format.
• Right to Correct Personal Data: You have the right to correct or update the information we hold about you if such information is inaccurate.
• Right to Data Portability: In some circumstances but not in all of the ZainTECH markets, You have the right to have a copy of the personal data you provided to us transferred to another service provider.
• Right to Object to the Use of Personal Data: You have the right, in certain circumstances as per the applicable Data Protection Law, to object to ZainTECH processing your personal information.
• Right to Opt Out of Marketing Messages: If you no longer want to receive marketing messages from ZainTECH, you can opt out anytime. You can opt-out anytime if you have previously opted to receive personalised content.
• Right to Restrict the Use of Your Data: If you feel the data we hold on you is inaccurate or believe we should not be processing your data, please contact our Customer Services team at info@zaintech.com to discuss your rights. In certain circumstances, you can ask us to restrict processing.
• Right to Erasure/Right to be Forgotten: ZainTECH strives to only process and retain your data for as long as we need or as mandated by applicable legislation. In certain circumstances, you have the right to request that we erase personal data of yours that we hold. We will review your request to erase your data, and where this does not breach any required retention requirements stipulated by law, we will do so.
• Right to Withdraw Your Consent: You have the right to withdraw your consent for data processing at any time if our processing is based on your consent in the first place. Whilst legal provisions regulating personal data protection laws may not dictate how long data can be retained, once your data is no longer required for legitimate purposes and the maximum retention period of 60 months has lapsed (or longer where this is stipulated by law), we shall securely delete data whereby ZainTECH will no longer have access to such information.

Cookies/IP Address Tracking

When you visit most websites, you typically leave electronic trace information such as IP address, domain name, unique ID, and stored preferences. Cookies enable websites to tailor page content according to user preferences. When you visit the ZainTECH website, we use cookies to store information about products you have selected to purchase or to collect information about how many people have visited our website. You can manage these cookies in your browser settings. Refusing cookies may mean you cannot access certain parts of our websites. By continuing to use our websites, you agree to our use of cookies.

Changes to our Privacy Policy

We regularly review our Privacy Policy to ensure that it complies with applicable legislation and accords with our business model. We will post the revised policy on our website (www.zaintech.com), which shall become effective from that date. Please check our websites regularly to see any changes to our Privacy Policy. By continuing to use our services, you acknowledge and agree to those changes made to our Privacy Policy.

Contact Us

For queries regarding this Privacy Policy, please write an email or letter to the following address:

ZainTech Solutions FZ-LLC Dubai Internet City Building 11 Dubai, UAE

Email: regulatory@zaintech.com

Last updated on January 2, 2024