Welcome to Mubyan (FZE) (“Mubyan”, “we”, “us”, “our”). We are committed to protecting your privacy and handling your personal data with transparency. This Privacy Policy explains how we collect, use, store, and disclose your information when you interact with our website, services, or communicate with us.

1. General Information & Scope

Mubyan operates as a Free Zone Establishment under the laws of Sharjah, United Arab Emirates. Our licensed activities include Computer Systems & Software Designing, Web Portals, Marketing Operations Management, Corporate Services Provider (CSP), and General Trading. This policy applies to:

• Visitors to our website: www.mubyan.com
• Clients, vendors, and partners engaging our services
• Any individual who contacts us via email, phone, or social channels

By using our Site or services, you acknowledge the practices described in this policy.

2. Legal Framework

We process personal data in compliance with applicable UAE laws, including but not limited to:

• Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations.
• Federal Decree-Law No. 34 of 2021 on Combatting Cybercrimes (data security provisions).
• Where applicable, the EU General Data Protection Regulation (GDPR) for data subjects in the European Economic Area.
• All other sectoral regulations relevant to our activities (e.g., Free Zone Authority guidelines).

3. Information We Collect

3.1 Information you provide to us

We may collect personal data when you:

• Contact us via forms, email, or WhatsApp – we collect your full name, company name, job title, email address, phone number, and message contents.
• Request a quote or service agreement – we may collect billing information, project specifications, and any personal data included in documents you share.
• Subscribe to our newsletters – only with your explicit consent.

3.2 Information collected automatically

When you browse our Site, we may automatically collect technical data such as:

• IP address, browser type and version, operating system, device type, referring URLs, pages visited, date and time stamps, and approximate geographic location.
• This data is collected via cookies and similar tracking technologies (see Section 9).

3.3 Sensitive data

We do not intentionally collect sensitive personal data (e.g., racial or ethnic origin, political opinions, health, biometric data). If necessary for a specific service (e.g., corporate services requiring identification documents), we will obtain your explicit consent and process such data in accordance with PDPL.

4. How We Use Your Information & Legal Bases

We rely on the following legal grounds to process your personal information:

• Contractual necessity: To perform our services, manage projects, invoice, and fulfill our obligations under agreements with you.
• Legitimate interests: To improve our website, respond to inquiries, prevent fraud, and enhance the security of our services.
• Consent: For sending promotional communications or marketing materials (you can withdraw consent at any time).
• Legal obligations: To comply with anti-money laundering (AML) regulations, tax laws, or judicial requests.

5. Sharing Your Information

We do not sell, rent, or trade your personal data. We may share information only with:

• Service providers and subcontractors: Cloud hosting (e.g., AWS, DigitalOcean), analytics providers (e.g., Google Analytics), CRM and communication tools (e.g., email platforms, WhatsApp Business API). These parties are contractually bound to process data only on our behalf and with appropriate security measures.
• Regulatory and law enforcement authorities: If required by UAE law or a valid legal process, we may disclose personal data.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred, and we will notify you as required by applicable law.

6. International Data Transfers

Given the global nature of digital operations, your personal data may be transferred to, stored, or processed in countries outside the United Arab Emirates (e.g., if we use cloud servers located in other regions). When transferring data, we ensure an adequate level of protection consistent with the requirements of UAE PDPL, either through standard contractual clauses, binding corporate rules, or equivalent safeguards.

7. Data Security & Retention

7.1 Security measures

We implement technical and organizational security measures, including encryption (SSL/TLS), access controls, firewalls, and regular security assessments. However, no transmission over the internet is 100% secure; therefore, we encourage you to protect your credentials and notify us immediately of any suspected breach.

7.2 Retention periods

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law (e.g., for tax, audit, or AML compliance, records may be kept for up to 5–10 years). After retention expires, we securely delete or anonymize your data.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data (subject to exceptions under UAE law or other applicable regulations):

• Right to access – request a copy of the personal data we hold about you.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – request deletion of your data when no longer necessary or when you withdraw consent.
• Right to restriction of processing – limit how we use your data under certain circumstances.
• Right to data portability – receive your data in a structured, machine-readable format.
• Right to object – object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent – at any time, without affecting lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by PDPL (generally 30 days).

9. Cookies & Tracking Technologies

Our Site uses cookies and similar technologies to enhance user experience, analyse site traffic, and remember preferences. Cookies are small text files stored on your device. We use:

• Strictly necessary cookies: essential for navigation and basic functions (no consent required).
• Performance/analytics cookies: such as Google Analytics, to measure visits and improve content. These cookies are placed only after obtaining your prior consent via a cookie consent banner.

You can manage cookie preferences through your browser settings or by adjusting our cookie preference centre upon first visit. Disabling certain cookies may affect functionality.

10. Children’s Privacy

Our services are directed to business clients and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately, and we will delete it.

11. Third-Party Links

Our Site may contain links to external websites, client portals, or partner platforms. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to read their privacy policies.

12. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in legal requirements, our services, or industry standards. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of our Site after such modifications constitutes acceptance of the revised policy.

13. Contact Us & Data Controller