PRIVACY POLICY
Welcome to https://www.it-tech.ae (the “Website” or the “Internet page”), which is made for the benefit of IT-TECH L.L.C-FZ, a Limited Liability Company, with address for correspondence: The Meydan Hotel, Grandstand, 6th Floor, Nad Al Sheba Dubai, U.A.E.
By using this website, you agree to the terms and conditions for the collection, use and disclosure of your personal information in accordance with this Privacy policy.
Please carefully read this Privacy policy before using this website and if you have any questions about it, please contact us by using the contact form on this website. If you do not agree to any of the terms and conditions contained in this Privacy Policy, you should not use this web site and you should discontinue your visit.
ADMINISTRATOR OF PERSONAL DATA:
“IT-TECH L.L.C-FZ” (hereinafter referred to as “Administrator”) is a Limited Liability Company, with registered office: The Meydan Hotel, Grandstand, 6th Floor, Nad Al Sheba Dubai, U.A.E, and address for correspondence: The Meydan Hotel, Grandstand, 6th Floor, Nad Al Sheba Dubai, U.A.E, and web site: https://www.it-tech.ae.
We are not required to have a data protection officer so, please, address any enquiries about our use of your personal data to the contact details in the previous paragraph.
SUPERVISORY AUTHORITY:
IT-TECH aims to comply with all data protection acts, but of particular relevance for IT-TECH is the European Union General Data Protection Regulation (GDPR) and for its requirements concerning the storage and processing of personal data, our company appoints the relevant authority within the European Union (EU) for all matters concerning data protection under GDPR. Any data Administrator in the EU, which has a place of central administration for the Union, is considered to have this place as a main establishment in the EU, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the Administrator in the EU, in which case that other establishment should be considered to be the main establishment. The criterion for the main establishment should not depend on whether the processing of personal data is carried out at that location. The presence and use of technical means and technologies for processing personal data or processing activities do not, in themselves, constitute a main establishment and are therefore not determining criteria for a main establishment. In cases involving both the Administrator and a processor of data, the competent lead supervisory authority should remain the supervisory authority of the EU Member State where the Administrator has its main establishment, but the supervisory authority of the processor should be considered to be a supervisory authority concerned and that supervisory authority should participate in a cooperation procedure provided for by the Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016. In any case, the supervisory authorities of the EU Member State or Member States where the processor has one or more establishments should not be considered to be supervisory authorities concerned where the draft decision concerns only the Administrator. Where the processing is carried out by a group of undertakings, the main establishment of the controlling undertaking should be considered to be the main establishment of the group of undertakings, except where the purposes and means of processing are determined by another undertaking.
OUR SUPERVISORY AUTHORITY FOR THE EU:
Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Contact information: websitefeedback@ico.org.uk; https://ico.org.uk
I. OBJECTIVES AND SCOPE OF PRIVACY POLICY
1.1 The Administrator understands the views of visitors to this website about the protection of personal data and is committed to protecting their personal data by applying all the standards for the protection of personal data under Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC. With this Privacy policy, the Administrator respects the privacy of individuals and makes every effort to protect the personal data of individuals against unauthorized processing by implementing technical and organizational measures for the protection of personal data that are fully in line with modern technological achievements and provide a level of protection that is consistent with the risks associated with the processing and the nature of the data to be protected.
1.2 With this Privacy policy and in compliance with the requirements, the Provider provides information about:
objectives and scope of privacy policy;
personal data collected and processed by the Provider;
the purposes of processing personal data;
retention period of personal data;
mandatory and voluntary nature of the provision of personal data;
processing of personal data;
personal data protection;
recipients or categories of recipients to whom the data may be disclosed;
rights of natural persons;
order for exercise of rights;
right to object;
buttons, tools, and content from other companies;
changes to the privacy policy.
II. DEFINITIONS
2.1 For the purposes of Regulation (EU) 2016/679 and this Privacy policy, these terms have the following meaning:
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Administrator means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Personal data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the
applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Main establishment means:
as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
III. COLLECTION AND PROCESSING OF PERSONAL DATA
3.1 The Provider may collect and process the following personal data:
Name and surname;
Email address;
Phone number;
Address;
Payment information (credit card details);
IP address;
Other data voluntarily provided by the User.
3.2 The Provider collects personal data in the following ways:
When the User registers on the Provider’s website;
When the User places an order on the Provider’s website;
When the User fills out a contact form on the Provider’s website;
When the User subscribes to the Provider’s newsletter;
When the User participates in promotions, surveys, or other marketing activities organized by the Provider.
3.3 The Provider may process personal data for the following purposes:
To provide services and products offered on the Provider’s website;
To process and fulfill orders placed by Users;
To respond to inquiries and provide customer support;
To send promotional materials, newsletters, and other marketing communications, subject to the User’s consent;
To conduct research and analysis to improve the Provider’s products, services, and website;
To comply with legal obligations and protect the Provider’s rights.
IV. DATA RETENTION PERIOD
4.1 The Provider will retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
4.2 Once the personal data is no longer necessary for the purposes for which it was collected, the Provider will securely delete or anonymize it, unless further retention is necessary for compliance with a legal obligation or protection of the Provider’s legitimate interests.
V. MANDATORY AND VOLUNTARY NATURE OF THE PROVISION OF PERSONAL DATA
5.1 Providing certain personal data may be necessary for the User to access and use certain features of the Provider’s website or to receive certain services or products. Failure to provide mandatory personal data may prevent the User from accessing certain features or receiving certain services or products.
VI. PROCESSING OF PERSONAL DATA
6.1 The Provider will process personal data in accordance with applicable data protection laws and regulations, including the European Union General Data Protection Regulation (GDPR).
6.2 The Provider will only process personal data for the purposes for which it was collected, unless the User has provided explicit consent for other uses.
VII. PERSONAL DATA PROTECTION
7.1 The Provider implements appropriate technical and organizational measures to ensure the security of personal data and protect it from unauthorized access, disclosure, alteration, or destruction.
7.2 These measures include encryption of personal data, regular security assessments, access controls, and staff training on data protection best practices.
VIII. RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE DISCLOSED
8.1 The Provider may disclose personal data to the following recipients or categories of recipients:
Payment processors for processing payments;
Shipping and logistics companies for order fulfillment;
Marketing and advertising partners for promotional activities;
IT service providers for website hosting, maintenance, and support;
Legal and regulatory authorities as required by law.
IX. RIGHTS OF NATURAL PERSONS
9.1 Users have the following rights regarding their personal data:
The right to access personal data held by the Provider;
The right to rectify inaccurate or incomplete personal data;
The right to erasure of personal data (“right to be forgotten”);
The right to restrict processing of personal data;
The right to data portability;
The right to object to processing of personal data;
Rights related to automated decision making and profiling.
X. ORDER FOR EXERCISE OF RIGHTS
10.1 To exercise their rights regarding personal data, Users may contact the Provider using the contact information provided in this Privacy Policy.
XI. RIGHT TO OBJECT
11.1 Users have the right to object to processing of personal data for direct marketing purposes at any time.
XII. BUTTONS, TOOLS, AND CONTENT FROM OTHER COMPANIES
12.1 The Provider’s website may include buttons, tools, or content from other companies, such as social media sharing buttons or embedded videos. These companies may collect personal data about Users when they interact with such features, and the collection and processing of personal data by these companies are governed by their respective privacy policies.
XIII. CHANGES TO THE PRIVACY POLICY
13.1 The Provider reserves the right to modify or update this Privacy Policy at any time. Any changes will be effective immediately upon posting on the Provider’s website. Users are encouraged to review this Privacy Policy periodically for changes.
XIV. INFORMATION ABOUT COOKIES
14.1 The Provider’s website may use cookies to enhance the User experience and provide personalized content and advertisements. Cookies are small text files that are stored on the User’s device when they visit a website. The User can control and manage cookies through their browser settings, but please note that disabling cookies may affect the functionality of the website.
14.2 For more information about the cookies used on the Provider’s website and how to manage them, Users can refer to the Provider’s Cookie Policy.
XV. CONTACT INFORMATION
15.1 If Users have any questions, concerns, or complaints regarding this Privacy Policy or the Provider’s data processing practices, they can contact the Provider using the following contact information:
IT-TECH L.L.C-FZ
The Meydan Hotel, Grandstand, 6th Floor, Nad Al Sheba Dubai, U.A.E
Website: www.it-tech.ae
XVI. EFFECTIVE DATE
16.1 This Privacy Policy is effective as of [Effective Date] and supersedes any previous versions.
XVII. CONSENT
17.1 By using this website, Users consent to the collection, processing, and use of their personal data in accordance with this Privacy Policy.
XVIII. GOVERNING LAW AND JURISDICTION
18.1 This Privacy Policy shall be governed by and construed in accordance with the laws of the United Arab Emirates. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the United Arab Emirates.