Privacy Policy

PRIVACY POLICY
www.dvngrind.com
Effective Date: 1st December 2024
DVN GRIND - FZCO ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with the United Arab Emirates Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), as well as applicable international laws, including the General Data Protection Regulation (GDPR) , and other global privacy frameworks.

This Privacy Policy applies to personal data collected through our website (www.dvngrind.com) and any related services provided by the Company. By using our services or accessing our website, you consent to the practices described herein.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@dvngrind.com.
1. Introduction

This Privacy Policy sets out:
  • What personal data we collect.
  • How we collect, use, and share your data.
  • Your legal rights regarding your personal data.
  • The measures we take to protect your personal data.
Our commitment to data privacy is aligned with the requirements of the UAE PDPL, as well as other applicable international regulations, including but not limited to:
  • GDPR (EU): Protecting the privacy of individuals within the European Economic Area (EEA).
  • Other Relevant Laws: Compliance with global privacy frameworks as applicable to our services and users.
By accessing our website or engaging with our services, you acknowledge and agree to theterms of this Privacy Policy.
2. Definitions

For the purposes of this Privacy Policy:
  • "Personal Data": Any information relating to an identified or identifiable natural person, as defined under the UAE PDPL and GDPR. This may include, but is not limited to, names, email addresses, IP addresses, and financial information.
  • "Processing": Any operation performed on personal data, whether automated or manual, including collection, storage, use, and sharing.
  • "Data Subject": Any individual whose personal data is being processed.
  • "Controller": The entity that determines the purposes and means of processing personal data. For this Privacy Policy, the Controller is DVN GRIND - FZCO.
  • "Processor": The entity that processes personal data on behalf of the Controller.
  • "Sensitive Data": Categories of personal data that require special protection, such as health data, biometric data, or financial details.
These definitions are consistent with the UAE PDPL, GDPR, and other applicable privacy regulations.
3. Types of Data Collected
We collect various categories of personal data depending on your interaction with us. This may include:
  • 3.1 Personal Information You Provide Directly
  • Contact Information: Name, email address, phone number, and physical address.
  • Payment Information: Credit/debit card details, billing address, and transaction history.
  • Account Information: Username, password, and any information submitted when creating an account or signing up for our services.
  • 3.2 Automatically Collected Data
  • Technical Data: IP addresses, browser type, operating system, device information, and access logs.
  • Usage Data: Information on how you interact with our website and services, including pages viewed, time spent on the site, and navigation patterns.
  • 3.3 Data from Third Parties
We may receive personal data about you from third-party sources, including:
  • Social media platforms (if you engage with us through social channels).
  • Payment processors and financial institutions for transaction-related purposes.
  • Business partners who share data with us in compliance with applicable laws.
  • 3.4 Special Categories of Data
  • We do not intentionally collect sensitive data (e.g., health or biometric data). If required for specific services, we will obtain your explicit consent in accordance with applicable laws.
4. Legal Basis for Data Processing
We process your personal data based on the following legal grounds:
  • 4.1 Under UAE PDPL
  • Consent: Your explicit consent for specific processing activities (e.g., receiving marketing communications).
  • Contractual Necessity: Processing necessary for the performance of a contract (e.g., providing requested services).
  • Legal Obligation: Compliance with applicable legal requirements (e.g., anti-money laundering laws).
  • Legitimate Interests: Processing necessary for the Company’s legitimate business interests, provided your rights and freedoms are not overridden.
  • 4.2 Under GDPR
  • Consent: Freely given, specific, informed, and unambiguous indication of your agreement.
  • Performance of a Contract: Processing required to fulfill contractual obligations.
  • Legal Compliance: Where processing is necessary to comply with EU legal obligations.
  • Legitimate Interests: Such as fraud prevention, IT security, and service improvement.
5. How We Use Your Data
We use your personal data for the following purposes:
  • 5.1 Service Delivery
We process payment data in strict compliance with industry standards and applicable laws. Specifically:
  • Processing and Storage: Payment information, including credit/debit card details and billing addresses, is collected through secure payment gateways and processed in compliance with the Payment Card Industry Data Security Standards (PCI DSS). We do not store complete card details on our systems.
  • Data Sharing: Payment information is shared exclusively with payment processors and financial institutions to facilitate secure transactions. These third-party processors are contractually required to comply with PCI DSS and relevant data protection laws.
  • Security Measures: Encryption protocols and tokenization are used to protect payment data during transmission and processing.
  • 5.2 Communication
  • To respond to inquiries and provide updates about our services.
  • To send newsletters, promotional materials, and other communications (with opt-out options).
  • 5.3 Analytics and Improvements
  • To monitor usage and performance of our website and services.
  • To improve user experience and develop new features.
  • 5.4 Compliance and Legal Obligations
  • To comply with applicable laws and regulations, including fraud prevention and record- keeping requirements.
6. Data Collection Methods
We collect personal data using the following methods:
  • 6.1 Direct Collection
  • When you fill out forms, subscribe to services, or communicate with us via email or phone.
  • 6.2 Automated Collection
  • Through cookies, tracking pixels, and analytics tools integrated into our website.
  • These technologies help us understand user behavior and improve our services.
  • 6.3 Third-Party Collection
  • From payment processors, business partners, and public sources (e.g., LinkedIn profiles if you engage with us for business inquiries).
7. Cookies and Tracking Technologies
Cookies are small data files stored on your device to enhance your browsing experience. Please refer to our Cookie Policy for more information on this section.
8. User Rights
At DVN GRIND, we are committed to respecting your rights under applicable privacy laws. Depending on your jurisdiction, you have the following rights:
  • 8.1 Under UAE PDPL
  • Access: You have the right to request access to your personal data and obtain a copy of the data we hold about you.
  • Rectification: You may request the correction of inaccurate or incomplete personal data.
  • Erasure (Right to be Forgotten): You can request the deletion of your personal data under certain circumstances (e.g., if it is no longer needed for processing).
  • Objection to Processing: You can object to the processing of your personal data for specific purposes, such as direct marketing.
  • Portability: You may request a copy of your data in a structured, machine-readable format.
  • 8.2 Under GDPR
  • Data Portability: Receive your personal data in a portable format for transfer to another controller.
  • Restriction of Processing: Request the limitation of data processing in certain situations.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time without affecting the legality of prior processing..
  • Legitimate Interests: Such as fraud prevention, IT security, and service improvement.
8.3 How to Exercise Your Rights
You can exercise your rights by contacting us at support@dvngrind.com. We will respond to your request within 30 days in compliance with applicable laws. Additional time may be required for complex requests.
9. Consent Management
  • 9.1 Obtaining Consent
  • We will obtain your explicit consent before processing your personal data for purposes not directly related to service delivery or required by law.
  • Consent is collected through online forms, checkboxes, or other clear affirmative actions.
  • 9.2 Withdrawing Consent
  • You can withdraw your consent at any time by contacting us at support@dvngrind.com.
  • Withdrawal of consent may result in limitations to the services we can provide.
  • 9.3 Special Considerations for Minors
  • We do not knowingly collect personal data from individuals under the age of or 16 years (GDPR) without parental or guardian consent.
  • If we become aware that we have inadvertently collected data from a minor without proper consent, we will take steps to delete such data.
10. Data Retention
  • 10.1 Retention Periods
  • We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:
  • Service Delivery: Retained while you use our services or have an active account with us.
  • Legal Compliance: Retained to comply with legal obligations, such as financial records for tax or audit purposes.
  • Business Purposes: Retained for internal reporting, fraud prevention, and IT security.
  • 10.2 Data Deletion
  • Upon termination of services or at your request, we will securely delete your personal data unless retention is required for legal, regulatory, or legitimate business purposes.
  • 10.3 Backup and Archival Data
  • Data stored in backups or archives will be securely retained for the duration required by law or legitimate interests but will not be used for active processing.
11. Data Sharing and Disclosure
  • 11.1 Third-Party Processors
We may share your personal data with trusted third parties who perform services on our behalf, including:
  • Cloud Hosting Providers: For data storage and server operations.
  • Payment Processors: To process payments securely.
  • Analytics Providers: To track and improve website performance.
All third-party processors are contractually obligated to handle your data in compliance with applicable privacy laws.
  • 11.2 Legal and Regulatory Disclosures
We may disclose your personal data:
  • To comply with legal obligations under UAE law or other jurisdictions.
  • To respond to valid government or regulatory requests (e.g., court orders or subpoenas).
  • To enforce our agreements or protect our legal rights.
11.3 Business Transfers
In the event of a merger, acquisition, or sale of our business, your personal data may be transferred to the acquiring entity. You will be notified of any such change in ownership.
12. Cross-Border Data Transfers
We are committed to ensuring that any cross-border transfers of personal data are conducted transparently and in compliance with applicable regulations:
  • Under UAE PDPL:
  • Transfers outside the UAE are conducted only to jurisdictions with adequate data protection laws, based on legal assessments and agreements ensuring appropriate safeguards.
  • Explicit consent will be obtained from users where required by law.
  • Under GDPR:
  • We rely on Standard Contractual Clauses (SCCs) or adequacy decisions for transfers outside the European Economic Area (EEA).
  • Our payment processors and service providers are obligated to meet GDPR compliance standards, particularly for data integrity and security.
  • Transparency for Users:
  • Users are informed in advance about the jurisdictions to which their data may be transferred. This information is available upon request.
  • We regularly review and update data transfer agreements with third parties to ensure ongoing compliance with global data protection standards.
13. Data Security
  • 13.1 Security Measures
We implement technical and organizational measures to protect your personal data, including:
  • Encryption of sensitive data during transmission.
  • Secure storage systems with restricted access.
  • Regular audits of our IT infrastructure for vulnerabilities.
  • 13.2 User Responsibilities
  • You are responsible for keeping your login credentials confidential and secure.
  • Notify us immediately if you suspect unauthorized access to your account.
13.3 Disclaimer
While we take every reasonable measure to protect your data, no system is completely secure. We cannot guarantee the absolute security of data transmitted online.
14. Third-Party Services
  • 14.1 Third-Party Platforms
Our website may include links to third-party services or websites (e.g., payment gateways, analytics tools). These platforms operate independently of us and have their own privacy policies.
  • 14.2 Liability Disclaimer
  • We are not responsible for the privacy practices or content of third-party services.
  • We encourage you to review their privacy policies before sharing your data with them.
14.3 Use of APIs
Certain integrations (e.g., for payments or social media logins) may collect data directly from you. These APIs are governed by the respective providers’ policies.
15. Children's Privacy
  • 15.1 UAE PDPL Considerations
  • Under UAE PDPL, the processing of children’s data requires explicit parental consent, and we take appropriate steps to verify the consent before processing any data related to minors.
  • 15.2 How We Ensure Compliance
  • Our website and services are not targeted at children, and any content or features aimed at minors are clearly labeled to require parental supervision.
  • Parents or guardians can contact us at support@dvngrind.com to request the deletion of their child’s data.
16. Data Breach Notification
  • 16.1 Notification to Regulatory Authorities
  • Under the UAE PDPL, we are obligated to report any personal data breaches to the appropriate regulatory authority within 72 hours of becoming aware of the breach, where it poses a risk to affected individuals' rights and freedoms.
  • For international users, we adhere to GDPR’s 72-hour breach reporting requirement and other jurisdiction-specific rules, as applicable.
  • 16.2 Notification to Affected Users
  • If the breach is likely to result in a high risk to your rights and freedoms, we will promptly notify you of:
  • The nature of the breach.
  • The personal data affected.
  • Steps we are taking to mitigate the breach and minimize harm.
  • Recommendations for actions you can take to protect yourself (e.g., password changes).
  • 16.3 Security Breach Mitigation
  • In the event of a breach, we will:
  • Investigate the cause and implement corrective actions.
  • Cooperate with regulators and law enforcement as required.
  • Notify users of any ongoing risks or updates.
17. Updates to the Privacy Policy
  • 17.1 Right to Amend
  • We reserve the right to modify this Privacy Policy at any time to reflect changes in our business practices, regulatory requirements, or service offerings.
  • 17.2 Notification of Changes
  • Significant changes to this Privacy Policy will be communicated to you through:
  • Email notifications.
  • Prominent notices on our website.
  • Updated "Last Updated" dates at the top of this policy.
  • 17.3 User Responsibility
  • We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
18. Accountability and Governance
  • 18.1 Role of the Data Controller
  • DVN GRIND - FZCO acts as the Data Controller, determining the purposes and means of processing personal data in compliance with applicable laws, including the UAE PDPL.
  • 18.2 Internal Data Governance
  • We maintain robust internal privacy policies, conduct periodic data protection audits, and provide employee training to ensure compliance with applicable laws.
  • 18.3 Regulatory Cooperation
  • We cooperate with relevant authorities, including the Telecommunications and Digital Government Regulatory Authority (TDRA) in the UAE and Data Protection Supervisory Authorities in other jurisdictions, to address privacy-related inquiries or investigations.
19. Dispute Resolution
  • 19.1 Resolution of Privacy Concerns
  • If you have any concerns about how your personal data is handled, please contact us at support@dvngrind.com. We will investigate and address your concerns promptly.
  • 19.2 UAE Regulatory Recourse
  • If you believe we have not adequately addressed your privacy concerns, you have the right to file a complaint with the TDRA, the regulatory authority overseeing data protection in the UAE.
  • 19.3 International Dispute Mechanisms
  • For users in the EU: You may lodge a complaint with your local Data Protection Supervisory Authority.
  • For other jurisdictions, contact your local privacy regulator for guidance.
  • 19.4 Arbitration
  • For disputes that cannot be resolved amicably, you agree to submit to arbitration under the Dubai International Arbitration Centre (DIAC) or an equivalent body, as applicable.
20. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us using the details below:
  • Company Name: DVN GRIND - FZCO
  • Address: 14292 IFZA DDP Building A1, Silicon Oasis, Dubai, UAE
  • Email: support@dvngrind.com
We aim to respond to all inquiries within 30 days or sooner where required by applicable laws.