Privacy Policy
Last updated 24 Jan 2026 Version: 2026-01.24-UAE
Welcome to the Dubai Advertising privacy notice.
Dubai Advertising respects your privacy and is committed to protecting your personal data. This privacy notice will inform you how we look after your personal data when you visit our website (regardless of where you visit or access it from) and tell you about your privacy rights and how the law protects you.
This policy implements the requirements of the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and, where applicable, the General Data Protection Regulation (GDPR) — the legal framework that governs personal data protection in the UK.
We have developed systems and processes to ensure that our data handling standards meet or exceed the requirements of applicable law. This privacy notice is presented in a layered format so you can easily navigate to specific sections. Please also refer to the Glossary to understand the meaning of certain terms used in this notice.
Contents
1. Important information and who we are
Purpose of this privacy policy
This privacy notice provides information on how Dubai Advertising collects and processes your personal data through your use of our website, including any data you may provide when you fill in forms, submit an enquiry, or interact with us in any other way.
Our website is not intended for use by children under the age of 18, and we do not knowingly collect data relating to minors. If we become aware that we have collected personal data from a minor without appropriate consent, we will delete such data promptly.
This notice supplements other privacy or fair processing notices we may provide on specific occasions and is not intended to override them. Please read this privacy notice together with any other notices provided when we are collecting or processing personal data.
Controller
Dubai Advertising, operated by Media Agency Group FZ-LLC, is the data controller responsible for your personal data.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact:
Email: privacy@dubaiadvertising.ae
Postal Address: Al Sufouh Complex, Media City, Dubai, UAE.
Changes to the privacy policy and your duty to inform us of changes
We review our privacy policy regularly. Any updates will be posted on this page with a revised "version" and "date."
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes at any point during your relationship with us.
Third-party links
Our website may include links to third-party websites, plug-ins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. The data we collect about you
Personal data (also known as personal information) means any information about an individual from which that person can be identified. It does not include anonymous data, where identifying details have been removed.
We may collect, use, store and transfer different types of personal data about you. We group these into the following categories:
Non-Special Category of Personal Data
- Identity Data — includes first name, last name, username or similar identifier.
- Contact Data — includes billing address, delivery address, email address and telephone numbers.
- Technical Data — includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access this website.
- Usage Data — includes information about how you use our website, such as page visits, clicks, time spent on site, and interaction with content.
- Marketing and Communications Data — includes your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but is not considered personal data in law as it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the website.
If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, and it will be used in accordance with this privacy notice.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract with you, and you fail to provide that data when requested, we may not be able to perform the contract or provide services. In such a case, we will notify you if your data is required and explain any consequences of non-provision.
3. How is your personal data collected?
We use a range of methods to collect data from and about you, including:
a. Direct interactions — You may provide us with your Identity and Contact Data by filling in forms on our websites, by corresponding with us by phone, email, or other communication channels. This includes personal data you provide when you:
- Make an enquiry;
- Request information or a service;
- Subscribe to a newsletter or marketing list;
- Interact with our chat features;
- Give us feedback or respond to a survey.
b. Automated technologies or interactions — As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, browsing actions, and patterns. We collect this data using:
- Cookies;
- Server logs;
- Web beacons or pixels;
- Serverless pings and client-side events;
- Analytics and tracking tools (e.g., Google Tag Manager, GA4, Microsoft Clarity, Yandex).
c. Third-party sources — We may receive personal data about you from third parties including:
- Analytics providers (e.g., Google Analytics, Microsoft Clarity, Yandex);
- Advertising networks (e.g., Google Ads, Meta Ads);
- Social media platforms or referral links;
- Contact or marketing data providers (e.g., email newsletter tools).
4. How we use your personal data
We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for the performance of a contract with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where you have given us your consent (such as for receiving marketing communications).
For clarity:
- We rely on your consent for cookies, remarketing, and promotional communications.
- We rely on legitimate interests for service-related communications, website optimisation, and fraud prevention.
- Where consent is required, processing will not take place unless valid consent is obtained.
In some cases, we may rely on more than one legal basis for processing your data, depending on the purpose.
Purposes for which we will use your personal data
| Purpose/Activity | Type of Data | Lawful Basis |
|---|---|---|
| To respond to enquiries, set up user profiles, or provide requested services | Identity, Contact | Performance of a contract; Legitimate interests |
| To manage our relationship with you, including service updates and support | Identity, Contact, Communications | Performance of a contract; Legal obligation; Legitimate interests |
| To deliver content and services via our website and improve user experience | Technical, Usage | Legitimate interests (site performance and usability) |
| To manage subscriptions, newsletters, reminders, and service alerts | Identity, Contact, Communications | Consent; Legitimate interests (communications relevant to previous interest) |
| To analyse data and use tracking to improve our websites, user experience, and marketing effectiveness | Technical, Usage | Consent; Legitimate interests |
| To conduct remarketing across our group of websites | Technical, Usage, Communications | Consent; Legitimate interests (promoting services you've interacted with) |
| To comply with a legal obligation or respond to lawful requests from regulators or law enforcement | All categories | Legal obligation |
Marketing
We aim to provide you with meaningful choices about the ways we use your personal data for marketing and communications.
How we may contact you
By interacting with our websites and expressing interest in our services, you grant us permission to contact you through any of the following methods:
- Telephone calls
- SMS messages
- WhatsApp messages
- Email messages
- Email newsletters
- Remarketing across our group of websites
These communications may include service updates, promotional offers, or reminders based on your interaction with our services. You can opt out at any time.
Promotional offers
We may use your Identity, Contact, Technical, and Usage Data to determine which services or offers may be relevant to you.
Third-party marketing
We will obtain your explicit consent before sharing your data with any external third party for marketing purposes.
Opting out
You can ask us to stop sending marketing messages at any time by clicking the unsubscribe link in our emails, adjusting preferences in your account, or contacting us directly.
Change of purpose
We will only use your data for the purposes stated above, unless we reasonably determine another use is compatible with the original purpose. If a change of purpose arises, we will notify you and explain the legal basis for that use.
5. Disclosures of your personal data
We may need to share your personal data with selected third parties for the purposes described in Section 4. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes. They are only permitted to process your data in line with our instructions and for specified purposes. All service providers are subject to due diligence, contractual safeguards, and periodic compliance reviews to ensure continued adherence to data protection standards.
We may share your personal data with:
- Service providers who perform functions such as website hosting, analytics, marketing email delivery, and CRM management (e.g., Google, Microsoft Clarity, Yandex, Cloudflare).
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Regulators and law enforcement agencies in response to lawful requests, or where required to comply with a legal obligation.
- Successors to our business, such as third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change happens, the new owners may use your personal data in the same way as set out in this notice.
We will ensure that any such third parties are bound by data protection agreements and maintain appropriate safeguards to protect your data.
We do not allow data collected from our websites to be shared with or embedded in any mobile application on your device without your consent.
6. International transfers
Some of our external service providers (also known as processors) are based outside the United Arab Emirates (UAE), or may process your personal data in countries outside the UAE. This means your data may be transferred to — and stored or processed in — jurisdictions that do not have the same level of data protection laws as the UAE.
Safeguards in place
Whenever we transfer your personal data out of the UAE, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- Adequacy Regulations: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection by the UAE Government.
- Standard Contractual Clauses (SCCs): Where we use service providers outside the UAE in non-adequate countries, we use Standard Contractual Clauses recognised under UAE data protection regulations (or international data transfer agreements) that ensure your personal data receives adequate protection.
- Contractual safeguards: Where SCCs are not available or appropriate, we implement supplementary measures (such as encryption and access controls) to maintain the security and confidentiality of your data.
Where required, we conduct transfer risk assessments to evaluate the adequacy of protections in destination jurisdictions.
Your use of our website and services constitutes agreement to such transfers, subject to the safeguards described above.
If you would like more information on the specific mechanism used by us when transferring your personal data out of the UAE, please contact us using the details provided in Section 1.
7. Cookies
Our websites use cookies and similar technologies (such as pixels and local storage) to enhance your experience, understand user behavior, and deliver personalised content and advertising.
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function properly, as well as to provide information to the owners of the site.
Cookies may be:
- Session cookies, which expire once you close your browser; or
- Persistent cookies, which remain until deleted or expired.
Cookies we use may be set by us (first-party cookies) or by third parties (third-party cookies) that provide functionality or analytics on our websites.
Your control over cookies
You have the right to decide whether to accept or reject cookies. You can do this using your browser settings or through our cookie preference tool. To adjust your preferences, please click:
Please note that disabling certain cookies may affect website functionality.
Types of cookies we use
| Cookie/Service | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga, _gid, _gat | Google Analytics (GA4 via GTM) | Distinguish users, throttle request rates, and collect usage statistics | Analytical | 1 min – 2 years |
| _gcl_au | Google AdWords | Measures ad conversions and remarketing activity | Marketing | 3 months |
| CLID, ANONCHK, _clsk, _clck | Microsoft Clarity | Session replay, heatmaps, behavioral analysis | Analytical | Session – 1 year |
| _ym_uid, _ym_d, _ym_isad | Yandex Metrica | Collect anonymous usage analytics and performance data | Analytical | 1 year |
| __cf_bm, __cfruid | Cloudflare | Bot protection, load balancing, performance optimisation | Functional | 30 minutes |
| cc_cookie, cc_preferences | Vanilla Cookie Consent | Stores user cookie preferences and consent history | Functional | 6 months |
Third-party cookies
Some cookies may be set by third-party services integrated into our website. These cookies are subject to the third parties' privacy policies and are not controlled directly by us.
We do not set non-essential cookies without your consent.
8. Data security
We have implemented appropriate technical and organisational measures to protect your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way.
These measures include:
- SSL encryption for all data transmitted between your device and our servers;
- Encryption at rest, which ensures that stored data is protected using industry-standard cryptographic methods;
- Firewall protection and DDoS mitigation via providers such as Cloudflare;
- Access controls, ensuring that only authorised personnel and service providers can access your data;
- Role-based permissions for internal systems to limit exposure to only those with a business need;
- Regular system updates and security patching to keep platforms secure;
- Monitoring and logging of access attempts and abnormal activity.
We also limit access to your personal data to employees, contractors, and third-party service providers who have a legitimate business need. All such parties are subject to strict confidentiality obligations and data protection contracts. We provide regular data protection training to employees and contractors and maintain internal compliance procedures.
We maintain internal procedures to deal with any suspected data breach and will notify you and any applicable UAE data protection authority where we are legally required to do so. In the event of a personal data breach, we will notify affected individuals and relevant authorities without undue delay and in accordance with applicable legal timeframes.
9. Data retention
How long will you use my personal data for?
We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider:
- The amount, nature and sensitivity of the personal data;
- The potential risk of harm from unauthorised use or disclosure;
- The purposes for which we process your data and whether we can achieve those purposes through other means;
- Applicable legal requirements.
Retention schedule
| Type of Information | Retention Period | What Happens After Expiry? |
|---|---|---|
| Client contact details (name, email, phone) | Duration of service + 1 year | Securely deleted from all systems |
| Project or service files | Duration of service + 3 years | Archived, then securely deleted |
| Invoices and financial records | 7 years | Deleted securely in line with accounting laws |
| Email, call and message history | Duration of service + 2 years | Deleted from all communication systems |
| Website analytics data | 26 months | Anonymised or deleted by provider configuration |
| Cookie consent logs | 6 months | Deleted or overwritten by new consent |
| Backup copies of data | 6 months post-service completion | Automatically purged from secure storage |
We may retain Aggregated or Anonymised Data (that is no longer linked to any individual) indefinitely for research, statistical, or performance improvement purposes.
In some cases, you can request early deletion of your data — see Your legal rights for more information.
10. Your legal rights
Under UAE data protection law, you have rights in relation to your personal data. These rights allow you to understand and control how your data is used by us.
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request") — to receive a copy of the data we hold about you.
- Request correction of any incomplete or inaccurate data we hold about you.
- Request erasure of your personal data where there is no legal reason for us to keep it, or if you've withdrawn your consent.
- Object to processing of your personal data where we rely on a legitimate interest and you feel it impacts your fundamental rights and freedoms.
- Request restriction of processing if you want us to suspend processing while verifying accuracy or legal grounds.
- Request data portability, enabling you to obtain and reuse your data in a structured, commonly used, machine-readable format for your own purposes.
- Withdraw consent where we rely on your consent to process personal data (e.g., for marketing). Withdrawing consent will not affect any processing already lawfully carried out.
Under UAE Federal Decree-Law No. 45 of 2021, you also have the right to:
- Object to automated processing where it produces legal effects;
- Withdraw consent at any time;
- Submit a complaint to the UAE Data Office or other competent authority.
No fee usually required
You will not have to pay a fee to access your personal data or to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive — or we may refuse to comply in those cases.
What we may need from you
To help confirm your identity and ensure your right to access your data (or exercise any other rights), we may ask you to verify your identity before we respond. This is a security measure to prevent personal data from being disclosed to someone who has no right to receive it.
Time limit to respond
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you've made multiple requests, it may take us longer. In that case, we will notify you and keep you updated.
11. Glossary
Lawful basis
Legitimate Interest — means the interest of our business in conducting and managing our operations to enable us to deliver services and improve user experience. We make sure we consider and balance any potential impact on your rights and freedoms before processing your personal data for our legitimate interests.
Performance of a Contract — means processing your data where it is necessary for the performance of a contract with you (e.g., providing a service) or to take steps at your request before entering into such a contract.
Comply with a legal obligation — means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.
Consent — means any freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.
Types of personal data
Identity Data — includes first name, last name, username or similar identifier.
Contact Data — includes address, email address and telephone numbers.
Technical Data — includes IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use.
Usage Data — includes information about how you use our websites and services.
Marketing and Communications Data — includes your preferences in receiving marketing from us and your communication preferences.
Aggregated Data — statistical or demographic data that may be derived from personal data but is not considered personal under the law if it cannot identify an individual.
External third parties
Service Providers — third-party companies that process personal data on our behalf to provide services such as website hosting, analytics, communications, advertising, and security.
Professional Advisers — such as lawyers, accountants, and insurers.
Regulators — such as the UAE Data Office or other supervisory authority and other governmental authorities.
Your legal rights (summary)
See Section 10 for a detailed list of your rights under data protection law.
Remarketing
Means the use of cookies, pixels, or similar technologies to show targeted advertisements across websites you visit, based on your previous interactions with our websites. This may include ads on our own network of websites or through third-party advertising platforms like Google Ads. You can opt out of remarketing by adjusting your cookie preferences or browser settings.
Get a Tailored Quote Now to Launch Your Outdoor Campaign!
Your audience is out there, on roads, at airports and across screens. Every moment of delay is a moment of lost visibility. So, why wait? Request a personalised quote now to plan and roll out your OOH advertising Dubai campaign at full speed.
We craft a bespoke strategy that delivers maximum impact across the city's most strategic locations. From concept to execution, Dubai Advertising gets your campaign up and running faster than ever.
Frequently Asked Questions
Outdoor advertising promotes brands through physical media like billboards, unipoles, lampposts, transport and digital screens placed in high-traffic public environments.
Dubai's dense road networks, high commuter volumes and premium urban infrastructure deliver consistent exposure, strong brand recall and unmatched citywide visibility, making it perfect for launching your outdoor ads.
Yes. Campaigns are targeted using location context, traffic patterns, commuter profiles, business districts, residential zones and proximity to consumer destinations.
Yes. Digital and selected static formats such as unipoles and lampposts support short-term campaigns, making outdoor advertising effective for launches, events, promotions and time-sensitive messaging.
Absolutely. Outdoor campaigns are often timed around festivals, sales seasons, exhibitions and major events to maximise visibility during peak audience movement periods.
Pricing depends on format type, location demand, traffic volume, campaign duration, production requirements, municipal fees and overall inventory availability.