Privacy Policy

<strong>Purpose of this privacy policy</strong>

This privacy notice provides information on how <a href="https://www.dubaiadvertising.ae">Dubai Advertising</a> collects and processes your personal data through your use of our website, including any data you may provide when you fill in forms, submit an enquiry, or interact with us in any other way.

Our website is not intended for use by children under the age of 18, and we do not knowingly collect data relating to minors. If we become aware that we have collected personal data from a minor without appropriate consent, we will delete such data promptly.

This notice supplements other privacy or fair processing notices we may provide on specific occasions and is not intended to override them. Please read this privacy notice together with any other notices provided when we are collecting or processing personal data.

<strong>Controller</strong>

<a href="https://www.dubaiadvertising.ae">Dubai Advertising</a>, operated by Media Agency Group FZ-LLC, is the data controller responsible for your personal data.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact:

<strong>Email:</strong> <a href="mailto:privacy@dubaiadvertising.ae">privacy@dubaiadvertising.ae</a>

<strong>Postal Address:</strong> Al Sufouh Complex, Media City, Dubai, UAE.

<strong>Changes to the privacy policy and your duty to inform us of changes</strong>

We review our privacy policy regularly. Any updates will be posted on this page with a revised "version" and "date."

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes at any point during your relationship with us.

<strong>Third-party links</strong>

Our website may include links to third-party websites, plug-ins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Personal data (also known as personal information) means any information about an individual from which that person can be identified. It does not include anonymous data, where identifying details have been removed.

We may collect, use, store and transfer different types of personal data about you. We group these into the following categories:

<strong>Non-Special Category of Personal Data</strong>

<ul><li><strong>Identity Data</strong> — includes first name, last name, username or similar identifier.</li><li><strong>Contact Data</strong> — includes billing address, delivery address, email address and telephone numbers.</li><li><strong>Technical Data</strong> — includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access this website.</li><li><strong>Usage Data</strong> — includes information about how you use our website, such as page visits, clicks, time spent on site, and interaction with content.</li><li><strong>Marketing and Communications Data</strong> — includes your preferences in receiving marketing from us and your communication preferences.</li></ul>

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but is not considered personal data in law as it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the website.

If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, and it will be used in accordance with this privacy notice.

<strong>If you fail to provide personal data</strong>

Where we need to collect personal data by law, or under the terms of a contract with you, and you fail to provide that data when requested, we may not be able to perform the contract or provide services. In such a case, we will notify you if your data is required and explain any consequences of non-provision.

We use a range of methods to collect data from and about you, including:

We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:

<ul><li>Where it is necessary for the performance of a contract with you.</li><li>Where it is necessary for our legitimate interests (or those of a third party) and your rights do not override those interests.</li><li>Where we need to comply with a legal or regulatory obligation.</li><li>Where you have given us your consent (such as for receiving marketing communications).</li></ul>

For clarity:

<ul><li>We rely on your consent for cookies, remarketing, and promotional communications.</li><li>We rely on legitimate interests for service-related communications, website optimisation, and fraud prevention.</li><li>Where consent is required, processing will not take place unless valid consent is obtained.</li></ul>

In some cases, we may rely on more than one legal basis for processing your data, depending on the purpose.

<strong>Purposes for which we will use your personal data</strong>

<table class="w-full border border-gray-300 border-collapse"><thead><tr><th class="border border-gray-300 p-2 text-left font-semibold">Purpose/Activity</th><th class="border border-gray-300 p-2 text-left font-semibold">Type of Data</th><th class="border border-gray-300 p-2 text-left font-semibold">Lawful Basis</th></tr></thead><tbody><tr><td class="border border-gray-300 p-2">To respond to enquiries, set up user profiles, or provide requested services</td><td class="border border-gray-300 p-2">Identity, Contact</td><td class="border border-gray-300 p-2">Performance of a contract; Legitimate interests</td></tr><tr><td class="border border-gray-300 p-2">To manage our relationship with you, including service updates and support</td><td class="border border-gray-300 p-2">Identity, Contact, Communications</td><td class="border border-gray-300 p-2">Performance of a contract; Legal obligation; Legitimate interests</td></tr><tr><td class="border border-gray-300 p-2">To deliver content and services via our website and improve user experience</td><td class="border border-gray-300 p-2">Technical, Usage</td><td class="border border-gray-300 p-2">Legitimate interests (site performance and usability)</td></tr><tr><td class="border border-gray-300 p-2">To manage subscriptions, newsletters, reminders, and service alerts</td><td class="border border-gray-300 p-2">Identity, Contact, Communications</td><td class="border border-gray-300 p-2">Consent; Legitimate interests (communications relevant to previous interest)</td></tr><tr><td class="border border-gray-300 p-2">To analyse data and use tracking to improve our websites, user experience, and marketing effectiveness</td><td class="border border-gray-300 p-2">Technical, Usage</td><td class="border border-gray-300 p-2">Consent; Legitimate interests</td></tr><tr><td class="border border-gray-300 p-2">To conduct remarketing across our group of websites</td><td class="border border-gray-300 p-2">Technical, Usage, Communications</td><td class="border border-gray-300 p-2">Consent; Legitimate interests (promoting services you've interacted with)</td></tr><tr><td class="border border-gray-300 p-2">To comply with a legal obligation or respond to lawful requests from regulators or law enforcement</td><td class="border border-gray-300 p-2">All categories</td><td class="border border-gray-300 p-2">Legal obligation</td></tr></tbody></table>

<strong>Marketing</strong>

We aim to provide you with meaningful choices about the ways we use your personal data for marketing and communications.

<strong>How we may contact you</strong>

By interacting with our websites and expressing interest in our services, you grant us permission to contact you through any of the following methods:

<ul><li>Telephone calls</li><li>SMS messages</li><li>WhatsApp messages</li><li>Email messages</li><li>Email newsletters</li><li>Remarketing across our group of websites</li></ul>

These communications may include service updates, promotional offers, or reminders based on your interaction with our services. You can opt out at any time.

<strong>Promotional offers</strong>

We may use your Identity, Contact, Technical, and Usage Data to determine which services or offers may be relevant to you.

<strong>Third-party marketing</strong>

We will obtain your explicit consent before sharing your data with any external third party for marketing purposes.

<strong>Opting out</strong>

You can ask us to stop sending marketing messages at any time by clicking the unsubscribe link in our emails, adjusting preferences in your account, or contacting us directly.

<strong>Change of purpose</strong>

We will only use your data for the purposes stated above, unless we reasonably determine another use is compatible with the original purpose. If a change of purpose arises, we will notify you and explain the legal basis for that use.

We may need to share your personal data with selected third parties for the purposes described in Section 4. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our third-party service providers to use your personal data for their own purposes. They are only permitted to process your data in line with our instructions and for specified purposes. All service providers are subject to due diligence, contractual safeguards, and periodic compliance reviews to ensure continued adherence to data protection standards.

We may share your personal data with:

<ul><li><strong>Service providers</strong> who perform functions such as website hosting, analytics, marketing email delivery, and CRM management (e.g., Google, Microsoft Clarity, Yandex, Cloudflare).</li><li><strong>Professional advisers</strong> including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.</li><li><strong>Regulators and law enforcement agencies</strong> in response to lawful requests, or where required to comply with a legal obligation.</li><li><strong>Successors to our business</strong>, such as third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change happens, the new owners may use your personal data in the same way as set out in this notice.</li></ul>

We will ensure that any such third parties are bound by data protection agreements and maintain appropriate safeguards to protect your data.

We do not allow data collected from our websites to be shared with or embedded in any mobile application on your device without your consent.

Some of our external service providers (also known as processors) are based outside the United Arab Emirates (UAE), or may process your personal data in countries outside the UAE. This means your data may be transferred to — and stored or processed in — jurisdictions that do not have the same level of data protection laws as the UAE.

<strong>Safeguards in place</strong>

Whenever we transfer your personal data out of the UAE, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:

<ul><li><strong>Adequacy Regulations:</strong> We may transfer your personal data to countries that have been deemed to provide an adequate level of protection by the UAE Government.</li><li><strong>Standard Contractual Clauses (SCCs):</strong> Where we use service providers outside the UAE in non-adequate countries, we use Standard Contractual Clauses recognised under UAE data protection regulations (or international data transfer agreements) that ensure your personal data receives adequate protection.</li><li><strong>Contractual safeguards:</strong> Where SCCs are not available or appropriate, we implement supplementary measures (such as encryption and access controls) to maintain the security and confidentiality of your data.</li></ul>

Where required, we conduct transfer risk assessments to evaluate the adequacy of protections in destination jurisdictions.

Your use of our website and services constitutes agreement to such transfers, subject to the safeguards described above.

If you would like more information on the specific mechanism used by us when transferring your personal data out of the UAE, please contact us using the details provided in <a href="#important-information-and-who-we-are">Section 1</a>.

Our websites use cookies and similar technologies (such as pixels and local storage) to enhance your experience, understand user behavior, and deliver personalised content and advertising.

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function properly, as well as to provide information to the owners of the site.

Cookies may be:

<ul><li><strong>Session cookies</strong>, which expire once you close your browser; or</li><li><strong>Persistent cookies</strong>, which remain until deleted or expired.</li></ul>

Cookies we use may be set by us (<strong>first-party cookies</strong>) or by third parties (<strong>third-party cookies</strong>) that provide functionality or analytics on our websites.

<strong>Your control over cookies</strong>

You have the right to decide whether to accept or reject cookies. You can do this using your browser settings or through our cookie preference tool. To adjust your preferences, please click:

<a href="#" data-cookie-preferences-trigger>Manage my cookie preferences</a>

Please note that disabling certain cookies may affect website functionality.

<strong>Types of cookies we use</strong>

<table class="w-full border border-gray-300 border-collapse"><thead><tr><th class="border border-gray-300 p-2 text-left font-semibold">Cookie/Service</th><th class="border border-gray-300 p-2 text-left font-semibold">Provider</th><th class="border border-gray-300 p-2 text-left font-semibold">Purpose</th><th class="border border-gray-300 p-2 text-left font-semibold">Type</th><th class="border border-gray-300 p-2 text-left font-semibold">Duration</th></tr></thead><tbody><tr><td class="border border-gray-300 p-2">_ga, _gid, _gat</td><td class="border border-gray-300 p-2">Google Analytics (GA4 via GTM)</td><td class="border border-gray-300 p-2">Distinguish users, throttle request rates, and collect usage statistics</td><td class="border border-gray-300 p-2">Analytical</td><td class="border border-gray-300 p-2">1 min – 2 years</td></tr><tr><td class="border border-gray-300 p-2">_gcl_au</td><td class="border border-gray-300 p-2">Google AdWords</td><td class="border border-gray-300 p-2">Measures ad conversions and remarketing activity</td><td class="border border-gray-300 p-2">Marketing</td><td class="border border-gray-300 p-2">3 months</td></tr><tr><td class="border border-gray-300 p-2">CLID, ANONCHK, _clsk, _clck</td><td class="border border-gray-300 p-2">Microsoft Clarity</td><td class="border border-gray-300 p-2">Session replay, heatmaps, behavioral analysis</td><td class="border border-gray-300 p-2">Analytical</td><td class="border border-gray-300 p-2">Session – 1 year</td></tr><tr><td class="border border-gray-300 p-2">_ym_uid, _ym_d, _ym_isad</td><td class="border border-gray-300 p-2">Yandex Metrica</td><td class="border border-gray-300 p-2">Collect anonymous usage analytics and performance data</td><td class="border border-gray-300 p-2">Analytical</td><td class="border border-gray-300 p-2">1 year</td></tr><tr><td class="border border-gray-300 p-2">__cf_bm, __cfruid</td><td class="border border-gray-300 p-2">Cloudflare</td><td class="border border-gray-300 p-2">Bot protection, load balancing, performance optimisation</td><td class="border border-gray-300 p-2">Functional</td><td class="border border-gray-300 p-2">30 minutes</td></tr><tr><td class="border border-gray-300 p-2">cc_cookie, cc_preferences</td><td class="border border-gray-300 p-2">Vanilla Cookie Consent</td><td class="border border-gray-300 p-2">Stores user cookie preferences and consent history</td><td class="border border-gray-300 p-2">Functional</td><td class="border border-gray-300 p-2">6 months</td></tr></tbody></table>

<strong>Third-party cookies</strong>

Some cookies may be set by third-party services integrated into our website. These cookies are subject to the third parties' privacy policies and are not controlled directly by us.

We do not set non-essential cookies without your consent.

We have implemented appropriate technical and organisational measures to protect your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way.

These measures include:

<ul><li><strong>SSL encryption</strong> for all data transmitted between your device and our servers;</li><li><strong>Encryption at rest</strong>, which ensures that stored data is protected using industry-standard cryptographic methods;</li><li><strong>Firewall protection and DDoS mitigation</strong> via providers such as Cloudflare;</li><li><strong>Access controls</strong>, ensuring that only authorised personnel and service providers can access your data;</li><li><strong>Role-based permissions</strong> for internal systems to limit exposure to only those with a business need;</li><li><strong>Regular system updates and security patching</strong> to keep platforms secure;</li><li><strong>Monitoring and logging</strong> of access attempts and abnormal activity.</li></ul>

We also limit access to your personal data to employees, contractors, and third-party service providers who have a legitimate business need. All such parties are subject to strict confidentiality obligations and data protection contracts. We provide regular data protection training to employees and contractors and maintain internal compliance procedures.

We maintain internal procedures to deal with any suspected data breach and will notify you and any applicable UAE data protection authority where we are legally required to do so. In the event of a personal data breach, we will notify affected individuals and relevant authorities without undue delay and in accordance with applicable legal timeframes.

<strong>How long will you use my personal data for?</strong>

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

<ul><li>The amount, nature and sensitivity of the personal data;</li><li>The potential risk of harm from unauthorised use or disclosure;</li><li>The purposes for which we process your data and whether we can achieve those purposes through other means;</li><li>Applicable legal requirements.</li></ul>

<strong>Retention schedule</strong>

<table class="w-full border border-gray-300 border-collapse"><thead><tr><th class="border border-gray-300 p-2 text-left font-semibold">Type of Information</th><th class="border border-gray-300 p-2 text-left font-semibold">Retention Period</th><th class="border border-gray-300 p-2 text-left font-semibold">What Happens After Expiry?</th></tr></thead><tbody><tr><td class="border border-gray-300 p-2">Client contact details (name, email, phone)</td><td class="border border-gray-300 p-2">Duration of service + 1 year</td><td class="border border-gray-300 p-2">Securely deleted from all systems</td></tr><tr><td class="border border-gray-300 p-2">Project or service files</td><td class="border border-gray-300 p-2">Duration of service + 3 years</td><td class="border border-gray-300 p-2">Archived, then securely deleted</td></tr><tr><td class="border border-gray-300 p-2">Invoices and financial records</td><td class="border border-gray-300 p-2">7 years</td><td class="border border-gray-300 p-2">Deleted securely in line with accounting laws</td></tr><tr><td class="border border-gray-300 p-2">Email, call and message history</td><td class="border border-gray-300 p-2">Duration of service + 2 years</td><td class="border border-gray-300 p-2">Deleted from all communication systems</td></tr><tr><td class="border border-gray-300 p-2">Website analytics data</td><td class="border border-gray-300 p-2">26 months</td><td class="border border-gray-300 p-2">Anonymised or deleted by provider configuration</td></tr><tr><td class="border border-gray-300 p-2">Cookie consent logs</td><td class="border border-gray-300 p-2">6 months</td><td class="border border-gray-300 p-2">Deleted or overwritten by new consent</td></tr><tr><td class="border border-gray-300 p-2">Backup copies of data</td><td class="border border-gray-300 p-2">6 months post-service completion</td><td class="border border-gray-300 p-2">Automatically purged from secure storage</td></tr></tbody></table>

We may retain Aggregated or Anonymised Data (that is no longer linked to any individual) indefinitely for research, statistical, or performance improvement purposes.

In some cases, you can request early deletion of your data — see <a href="#your-legal-rights">Your legal rights</a> for more information.

Under UAE data protection law, you have rights in relation to your personal data. These rights allow you to understand and control how your data is used by us.

You have the right to:

<ul><li><strong>Request access</strong> to your personal data (commonly known as a "data subject access request") — to receive a copy of the data we hold about you.</li><li><strong>Request correction</strong> of any incomplete or inaccurate data we hold about you.</li><li><strong>Request erasure</strong> of your personal data where there is no legal reason for us to keep it, or if you've withdrawn your consent.</li><li><strong>Object to processing</strong> of your personal data where we rely on a legitimate interest and you feel it impacts your fundamental rights and freedoms.</li><li><strong>Request restriction of processing</strong> if you want us to suspend processing while verifying accuracy or legal grounds.</li><li><strong>Request data portability</strong>, enabling you to obtain and reuse your data in a structured, commonly used, machine-readable format for your own purposes.</li><li><strong>Withdraw consent</strong> where we rely on your consent to process personal data (e.g., for marketing). Withdrawing consent will not affect any processing already lawfully carried out.</li></ul>

Under UAE Federal Decree-Law No. 45 of 2021, you also have the right to:

<ul><li>Object to automated processing where it produces legal effects;</li><li>Withdraw consent at any time;</li><li>Submit a complaint to the UAE Data Office or other competent authority.</li></ul>

<strong>No fee usually required</strong>

You will not have to pay a fee to access your personal data or to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive — or we may refuse to comply in those cases.

<strong>What we may need from you</strong>

To help confirm your identity and ensure your right to access your data (or exercise any other rights), we may ask you to verify your identity before we respond. This is a security measure to prevent personal data from being disclosed to someone who has no right to receive it.

<strong>Time limit to respond</strong>

We aim to respond to all legitimate requests within <strong>one month</strong>. If your request is particularly complex or you've made multiple requests, it may take us longer. In that case, we will notify you and keep you updated.

<strong>Lawful basis</strong>

<strong>Legitimate Interest</strong> — means the interest of our business in conducting and managing our operations to enable us to deliver services and improve user experience. We make sure we consider and balance any potential impact on your rights and freedoms before processing your personal data for our legitimate interests.

<strong>Performance of a Contract</strong> — means processing your data where it is necessary for the performance of a contract with you (e.g., providing a service) or to take steps at your request before entering into such a contract.

<strong>Comply with a legal obligation</strong> — means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.

<strong>Consent</strong> — means any freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.

<strong>Types of personal data</strong>

<strong>Identity Data</strong> — includes first name, last name, username or similar identifier.

<strong>Contact Data</strong> — includes address, email address and telephone numbers.

<strong>Technical Data</strong> — includes IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use.

<strong>Usage Data</strong> — includes information about how you use our websites and services.

<strong>Marketing and Communications Data</strong> — includes your preferences in receiving marketing from us and your communication preferences.

<strong>Aggregated Data</strong> — statistical or demographic data that may be derived from personal data but is not considered personal under the law if it cannot identify an individual.

<strong>External third parties</strong>

<strong>Service Providers</strong> — third-party companies that process personal data on our behalf to provide services such as website hosting, analytics, communications, advertising, and security.

<strong>Professional Advisers</strong> — such as lawyers, accountants, and insurers.

<strong>Regulators</strong> — such as the UAE Data Office or other supervisory authority and other governmental authorities.

<strong>Your legal rights (summary)</strong>

See <a href="#your-legal-rights">Section 10</a> for a detailed list of your rights under data protection law.

<strong>Remarketing</strong>

Means the use of cookies, pixels, or similar technologies to show targeted advertisements across websites you visit, based on your previous interactions with our websites. This may include ads on our own network of websites or through third-party advertising platforms like Google Ads. You can opt out of remarketing by adjusting your cookie preferences or browser settings.