Privacy Policy
Last updated: 24 June 2026
(UAE Personal Data Protection Law — incorporated into and forming part of the Roster+ Portal Terms of Use, Part A clause 22)
0. Preamble & Front Matter
0.2 What this Policy is. This document is the Roster+ Privacy Policy referred to in clause 22 of the Roster+ Portal Terms of Use (Part A) (the "Terms"). It is incorporated into and forms part of the Terms and is one of the incorporated policies listed in Part A clauses 0.4(b) and 29.4. It explains how we collect, use, share, retain, and protect your personal data when you use the Portal, and the rights you have over that data. Capitalised terms not defined here have the meanings given to them in clause 3 of the Terms (including "Portal", "Services", "Performer / Artist", "Client / Promoter", "Organisation", "Owner", "Admin", "Roster Coins", "Wallet", "Booking Request", "Engagement", "Verified WhatsApp", "Company Number", "PSP", and "KYC").
0.3 Scope. This Policy applies across the entire Portal and all channels described in clause 3.1 of the Terms — the rosterplus.io website and any current or future mobile application, Operator digital channel, social-media presence, WhatsApp Business messaging through the Company Number, email, SMS, push notification, voice or telephone channel, or any other channel through which the Services are offered or delivered. It governs the processing of personal data of all Users (Performers/Artists, Clients/Promoters, Organisations, and the internal Owner and Admin roles), of an Organisation's managed artists who exist as Claim Profiles, and of any individual whose personal data is submitted to or processed through the Portal.
0.4 Language. This Policy is made available in English and Arabic. Where a User is a consumer in the United Arab Emirates ("UAE"), the Arabic version prevails in the event of any conflict, consistent with clause 0.3 of the Terms.
0.5 Relationship to the Terms. This Policy must be read together with the Terms, in particular clause 8 (identity, documents, artwork and likeness), clause 9 (communications, monitoring and recording), clause 14A and 14B (payments and third-party providers), clause 21 (AML/CFT, sanctions and source of funds), and clause 22 (data protection and privacy). Where this Policy and the Terms address the same subject, they are intended to be consistent; the Terms' order of precedence in clause 0.5 applies, and nothing in this Policy excludes or limits any right that the UAE Personal Data Protection Law makes non-excludable.
1. Who We Are — Controller Identity
1.1 The Controller. The data controller responsible for your personal data is TRANSCENDA COMPUTER SYSTEMS & COMMUNICATION EQUIPMENT SOFTWARE DESIGN EST. (the "Operator", and in this Policy also "Roster+", "we", "us", or "our"), which operates the Roster+ Portal at rosterplus.io. The party that determines the purposes and means of processing your personal data, and that is legally responsible under this Policy, is always the full legal entity named in this clause, even where the text uses the short form "Roster+", "we", "us", or "our".
1.2 Controller identifiers and contact details.
- DED Licence No.: 1062923
- D-U-N-S No.: 571233731
- Registered office: Office 305-A, 3rd Floor, Mozna Building, Al Qusais 1, Deira, Dubai, United Arab Emirates.
- Official website (detail only): transcenda.io (this is a contact/website detail of the Controller and is not the name of the contracting party; the Portal itself is at rosterplus.io).
- Privacy / data-protection contact: [email protected] (see clause 13).
1.3 Our role. For most processing described in this Policy we act as the controller. Where we engage third parties to process personal data on our behalf and on our instructions (for example hosting, authentication, communications, identity verification, and — when enabled — payment processing), those third parties act as our processors / service providers, as described in clause 5. A Client who lawfully receives a Performer's travel or permit document for a specific Booking under clause 8.2 of the Terms becomes an independent controller of that document for the limited purpose for which it was disclosed, and is bound by the purpose-limitation and confidentiality conditions in clause 8.2 of the Terms.
2. The Personal Data We Collect
We collect and process the following categories of personal data. Not all categories apply to every User; what we collect depends on your role and how you use the Portal.
2.1 Account and registration data. Your name; the role you select (Performer/Artist, Client/Promoter, or Organisation); email address; mobile and WhatsApp number; password / sign-in credentials (held by our authentication provider, not stored in clear by us); city/country; profile and Listing content; bio; avatar; Availability Calendar; and your account, role, and verification status. This also includes your public handle (username), display-only membership number, headline, public links, and verification/premium badge status.
2.1A Public profile data (publicly visible). When you publish a public profile page (rosterplus.io/@username), the content you choose to make public — your handle, display name, photo, headline, bio, location (e.g. city/country), links, badges, and (for a Performer) EPK content — is visible to anyone, including unauthenticated visitors and search engines, and may be cached or indexed by third parties beyond our control. Location is used as a discovery signal and is not restricted to a single area. You can control or unlist your public page in your settings (clause 5.9 of the Terms and clause 9 below); after a change, third-party caches may persist for a time.
2.2 Identity and KYC / verification documents (sensitive). For Verification and KYC under clauses 5.4 and 21 of the Terms, we collect identity and standing documents, which may include a passport photograph, identity document (e.g. Emirates ID or passport), and, for an Organisation, its trade licence, authorised-signatory details, and ultimate-beneficial-owner (UBO) information. For Performers, a flyer/artwork is also required before activation. Where a Booking requires it, certain Performer documents needed for that specific booking (for example for flights or permits) may be unlocked and delivered to the booking Client under the purpose-limited, per-Booking-consent regime in clause 8.2 of the Terms. We treat identity, KYC, and similar documents as sensitive personal data requiring heightened protection (clause 6).
2.3 Artwork, photographs and likeness. A Performer's Artwork / Likeness (artwork, photographs, image, name, and likeness), which the Performer authorises us to use for marketing and promotion under clause 8.3 of the Terms.
2.4 Booking, transaction and financial data. Booking Requests, Engagements, and Bookings; Roster Coin Top-Ups, balances, and Wallet activity; the Booking-Request Fee and other fees applied; Performer/Organisation Earnings and Payout records; receipts, tax invoices, and credit notes; verified payout-account name and details (for Performers/Organisations); and Client fulfilment proofs (for example flight tickets, accommodation, permits) uploaded under the Engagement. When payment gateways are enabled, payment is processed by a third-party Payment Service Provider (PSP); we do not store full payment-card data (clause 14A of the Terms, and clauses 4 and 6 below).
2.5 Communications data. The content and metadata of Communications through our channels, including in-Portal messages and notifications; email (sent by us / the Portal); WhatsApp messages through the Company Number (+971 4 368 2705) WhatsApp Business API; SMS; push notifications; and any voice or telephone calls where used. As disclosed and consented to in clause 9.4 of the Terms, Communications through the company channels are monitored, recorded, and stored (see clause 3.5 below). The booking negotiation thread is bound to {that Performer, that Client, that Booking}.
2.6 Device, technical and usage data. IP address; device and browser type and identifiers; operating system; app version; push-notification tokens; log data; pages and features used; timestamps; referral data; and similar technical information generated when you use the Portal, including data captured in the platform audit log (who did what, when, and from which IP).
2.6A Discovery and impression data. To order the directory/feed fairly and to give every profile a fair chance of being seen, we record impressions — that a given profile was shown to a viewer in the feed — on a per-day, de-duplicated basis. For this we use a viewer key: for a signed-in user, your account identifier; for an anonymous visitor, a salted, one-way hash of your IP address and the date (with a server-held secret salt) that lets us count one anonymous viewer once per day without storing your raw IP for this purpose, identifying you by name, or tracking you across other sites. We also derive a coarse country from our content-delivery network's edge header (e.g. "AE") and, where you supply one, a city — used only as a location signal to surface nearby talent (clause 15A.9 of the Terms), never to exclude profiles. This data is a first-party analytics record used for fair ranking, profile analytics, and abuse prevention; our lawful basis is our legitimate interest in operating a fair, functioning marketplace, balanced against your interests. We retain it only briefly (clause 8) and it is server-side, not a third-party advertising cookie (clause 12).
2.6B Profile analytics (views and engagement). So that a profile owner can see how their own public page is performing, and to help us improve the Portal, we record first-party analytics about public-profile activity: a profile view (that a profile page was opened by a viewer — including on the rosterplus.io/@username page, the username.rosterplus.io subdomain, and the directory), and engagement clicks (clicking the booking button, a contact action, or one of the profile's own listed links). We use the same viewer key as clause 2.6A — for a signed-in user, your account identifier; for an anonymous visitor, a salted, one-way hash of your IP address (as observed by our content-delivery network, Cloudflare, at its edge) and the date — and we de-duplicate per viewer per day, so a refresh is not a new view and we do not store your raw IP for this purpose, identify you by name, or track you across other sites. Because the IP is observed at our CDN's edge, it may be processed outside the UAE (see clause 7). These counts are shown to the profile owner only as aggregates (for example, "profile views in the last 30 days") and never identify the individual viewer; per-link counts are withheld until enough distinct visitors exist to prevent anyone being singled out, and we never expose a signed-in-versus-anonymous breakdown. Our lawful basis is our legitimate interest in giving owners insight into their own profile and operating the Portal, balanced against your interests. This is server-side first-party analytics, not a third-party advertising cookie (clause 12); aggregate website-traffic analytics (e.g. Google/Firebase Analytics) are addressed separately in clause 12. We retain it for the period in clause 8.
2.7 Marketing and preference data. Your marketing opt-in/opt-out choices, notification preferences, and language preference.
2.8 Compliance and risk data. Data generated by sanctions/PEP screening, transaction monitoring, source-of-funds enquiry, fraud and chargeback controls, and the records we are required to keep under clause 21 of the Terms.
2.9 Children's data — not collected. The Portal is for adults only (clause 11). We do not knowingly collect personal data from anyone under 18.
3. Why We Process Your Data — Purposes and Lawful Bases
We process personal data only where we have a lawful basis under the UAE Personal Data Protection Law ("PDPL"). The principal purposes and bases are set out below.
3.1 To provide the Portal and Services (performance of a contract). To create and manage your Account; to operate the end-to-end Portal flow (registration → onboarding → Listing → Availability Calendar → Booking Request → negotiation → Engagement → secured payment → completion → Payout → cancellation/refund — clause 4.3 of the Terms); to form and administer Engagements; and to deliver our own Service as principal. Basis: performance of the contract with you (the Terms and the applicable Schedule).
3.2 Identity verification and KYC (legal obligation / contract). To verify your identity, standing, and account-ownership, and to gate activation under clause 5.5 of the Terms, including processing identity and KYC documents. Basis: compliance with our legal/regulatory (AML/CFT and related) obligations, performance of the contract, and — for sensitive identity documents — your explicit consent where required.
3.3 Purpose-limited disclosure of Performer documents (consent + contract). To unlock and deliver, where an Engagement requires it, a Performer's specific documents to the booking Client for the specific travel or permit purpose of that Booking. Basis: the Performer's specific, informed, per-Booking consent (captured before any document is released — clause 8.2 of the Terms) together with performance of the Engagement, with data minimisation and purpose limitation applied.
3.4 Marketing use of Artwork / Likeness (consent). To use a Performer's Artwork / Likeness to market and promote the Portal and the Services across current and future channels. Basis: the Performer's authorisation/consent under clause 8.3 of the Terms and the content licence in clause 10.3, subject to the limits stated there.
3.5 Communications, monitoring and recording (consent + contract + legitimate interest / legal obligation). To send transactional and booking Communications; to operate the bound WhatsApp/company-channel threads; and to monitor, record, store, and use Communications through the company channels for safety, quality, dispute resolution, fraud prevention, AML/CFT, and compliance, as disclosed and consented to in clause 9.4 of the Terms. Basis: your consent, the necessity of such processing for performance of the contract, our fraud-prevention/AML/CFT/safety/compliance obligations, and our legitimate operational and compliance interests where permitted by the PDPL.
3.6 Payments and financial administration (contract / legal obligation). To process Top-Ups and payments (through the PSP when enabled), maintain the Wallet and Earnings ledgers, generate receipts, tax invoices, and credit notes, administer refunds, chargebacks, and reconciliation, and account for VAT. Basis: performance of the contract and compliance with tax and financial record-keeping obligations.
3.7 Fraud prevention, AML/CFT and sanctions (legal obligation / legitimate interest). To screen for sanctions and PEP status; to monitor transactions for structuring, velocity, wash/circular bookings, and Top-Up-then-immediate-Payout patterns; to carry out source-of-funds enquiry; to apply payout and fraud controls; and to make suspicious-transaction reports. Basis: compliance with the UAE AML/CFT law (applied in substance — clause 21 of the Terms) and our legitimate interest in preventing fraud and protecting the Portal and its Users.
3.8 Security, audit and platform integrity (legitimate interest / legal obligation). To secure the Portal, maintain the platform-wide audit log, investigate suspected breaches, enforce the Terms and Acceptable-Use Policy, and protect Users. Basis: our legitimate interest in security and integrity, and compliance with applicable law.
3.9 Service improvement and analytics (legitimate interest). To understand usage, diagnose problems, and improve the Portal. Basis: our legitimate interest, using minimised or aggregated data where practicable.
3.10 Marketing communications (consent). To send you marketing messages where you have opted in, with an opt-out always available. Basis: your consent, in line with clause 9.6 of the Terms and applicable telecommunications rules (including TDRA requirements for WhatsApp/SMS).
3.11 Legal claims and regulatory cooperation (legal obligation / legitimate interest). To establish, exercise, or defend legal claims, respond to lawful requests, and cooperate with the UAE authorities, the Financial Intelligence Unit, regulators, and law enforcement. Basis: compliance with legal obligations and our legitimate interest in protecting our rights.
4. Sharing and Disclosure — Categories of Recipients
We do not sell your personal data. We share it only as described below, and only with recipients who are bound to protect it. Consistent with clause 14B of the Terms, no individual provider is named in the binding Terms; the categories below, and the maintainable named sub-processor list in clause 5, may be updated without amending the Terms.
4.1 Other Users, where the Service requires it. Limited data is shared between Users to operate a Booking — for example a Performer's Listing/profile is shown to Clients; the bound negotiation thread connects {Performer, Client, Booking}; and, where an Engagement requires it, purpose-limited Performer documents are delivered to the booking Client under clause 8.2 of the Terms. Consistent with the anti-disintermediation rule in clause 9.3 of the Terms, Users do not receive each other's phone number, email, or other personal contact details — all Communications are routed through the Portal and the Company Number.
4.2 Payment processing (when enabled). When payment gateways are enabled, a third-party Payment Service Provider (PSP) processes, secures, and transmits Top-Ups and payments; we do not store full payment-card data (clause 14A of the Terms). The PSP processes the relevant payment data as described in its own terms and privacy notice. Payment gateways are currently disabled, so no live card payment data is being collected or shared at this time.
4.3 Hosting and infrastructure. Providers that host and operate the Portal's infrastructure, storage, and databases process personal data on our behalf as processors.
4.4 Authentication. An authentication / sign-in provider processes sign-in credentials and account-identity data on our behalf to operate secure log-in.
4.5 Communications and messaging. Providers of email, SMS, push-notification, and WhatsApp Business messaging (through the Company Number / landline WhatsApp Business API) process Communications data to deliver our messages. Your use of WhatsApp is also subject to WhatsApp's and Meta's own terms and privacy policies (clause 9.9 and 14B of the Terms); messages sent through WhatsApp are processed on that provider's infrastructure, which may involve transfer and storage outside the UAE (clause 7).
4.6 Email and marketing. Providers that deliver transactional and (where you opt in) marketing communications.
4.7 Analytics. Analytics providers that help us understand and improve Portal usage, using minimised or aggregated data where practicable.
4.8 Identity verification / KYC. Providers that assist with identity verification, document checks, and sanctions/PEP screening process the relevant identity and compliance data on our behalf.
4.9 Professional advisers and corporate transactions. Our auditors, lawyers, tax advisers, and similar professional advisers; and, in connection with a corporate transaction (such as a merger, acquisition, or restructuring), a counterparty, subject to confidentiality and to clause 28.3 of the Terms (which preserves your accrued rights and mandatory consumer protections).
4.10 Authorities and law enforcement. Regulators, courts, the UAE Financial Intelligence Unit, the PSP, card schemes, banks, and law-enforcement authorities, where permitted or required by law, including for AML/CFT reporting, fraud reporting, and the reporting of unlawful content (clauses 9.10, 12.3A, 14A.9, and 21 of the Terms).
4.11 No naming in the binding Terms. Consistent with clause 14B.2 of the Terms, the named sub-processor list is maintained in clause 5 of this Policy and may be updated without amending the Terms. We may add, change, or remove providers at any time (clause 14B.4 of the Terms).
5. Named Sub-Processor List (maintainable)
The following list names the specific third-party processors / sub-processors we use within the categories in clause 4. This list is maintainable: we may update it (add, change, or remove a provider) as our service stack evolves, without amending the Terms (clauses 14B.2 and 14B.4 of the Terms). We will keep the current list available on the Portal.
| Category | Provider(s) | Function | Location / transfer note |
|---|---|---|---|
| Hosting & infrastructure | To be disclosed | Hosting, storage, databases | To be disclosed; basis per clause 7 |
| Authentication | To be disclosed | Sign-in / credential management | To be disclosed; basis per clause 7 |
| Payment processing (PSP) | To be disclosed (payments currently disabled) | Card/payment processing; PCI-DSS | To be disclosed; basis per clause 7 |
| Communications — WhatsApp | WhatsApp / Meta (via Company Number Business API) | WhatsApp business messaging | Processed on Meta infrastructure; may be outside the UAE |
| Communications — email / SMS / push | To be disclosed | Transactional & marketing messaging | To be disclosed; basis per clause 7 |
| Analytics | To be disclosed | Usage analytics | To be disclosed; basis per clause 7 |
| Identity verification / KYC | To be disclosed | KYC, document checks, sanctions/PEP screening | To be disclosed; basis per clause 7 |
6. How We Protect Your Data — Security Measures
We apply technical and organisational measures appropriate to the sensitivity of the data, including the following.
6.1 Private document store. Identity documents (passports, IDs, trade licences) and similar sensitive files are stored in a private store and are never placed on a public URL. They are served download-only (using attachment content-disposition and nosniff), with owner/admin access only, file type verified by magic-bytes, and per-user uploads rate-limited.
6.2 Encryption in transit. All traffic is served over TLS.
6.3 Secrets management. Secrets and credentials are held in the platform vault and are never stored in the code repository.
6.4 Payments / card data. Payment gateways are disabled until launch, so no card data is stored; when enabled, card data is handled by the PSP, which is responsible for PCI-DSS compliance for the processing it performs (clause 14A.2 of the Terms).
6.5 Audit log. Every change is recorded in the platform audit log (who, what, when, and IP), supporting security, accountability, and dispute resolution.
6.6 Access control and purpose limitation. Access to personal data — especially sensitive identity and KYC documents — is limited to those who need it for the purposes in clause 3, and the purpose-limited, per-Booking disclosure regime in clause 8.2 of the Terms applies to any Performer document delivered to a Client.
6.7 No method is perfectly secure. While we take these measures seriously, no method of transmission or storage is completely secure; we cannot guarantee absolute security, but we maintain and review safeguards on an ongoing basis and will notify affected persons and the competent authority of a qualifying personal-data breach as required by the PDPL.
7. International Data Transfers
7.1 Cross-border processing. The Portal serves Users of many nationalities, and some of our processors operate, or store data, outside the UAE — including WhatsApp/Meta for WhatsApp messaging (clause 4.5) and potentially certain hosting, communications, analytics, or payment providers.
7.2 Transfer basis. Where we transfer personal data outside the UAE, we do so in accordance with the UAE Personal Data Protection Law, relying on an appropriate transfer basis — such as transfer to a jurisdiction recognised as providing an adequate level of protection, appropriate contractual safeguards with the recipient, or your explicit consent where required.
7.3 Your consent. Consistent with clause 27.3 of the Terms, by using the Portal and the relevant channels (including WhatsApp) you consent to the cross-border transfer of your personal data as described in this Policy, in addition to any other lawful basis on which we rely.
8. Retention — How Long We Keep Your Data
We keep personal data only for as long as necessary for the purposes in clause 3 or as required by law. The following retention schedule applies (consistent with the data-safety/retention/erasure provisions agreed for the Portal).
| Data | Retention |
|---|---|
| Financial / AML records (invoices, credit notes, wallet transactions, bookings) | 5 years after the transaction (UAE AML + tax law) — kept even after account deletion, in anonymised form |
| Tax records (VAT invoices, TRN) | 5 years |
| Identity / KYC documents | Kept until the verification need ends or the account is deleted, then deleted (subject to any active dispute or AML hold) |
| Agreement-acceptance record (timestamp + document set) | Retained as proof of contract; the signatory name is scrubbed on erasure |
| Audit log | Retained for security and compliance |
| Discovery / impression data (clause 2.6A) | Raw rows kept only for a short rolling window (the fair-ranking look-back plus a brief buffer, ~30 days) and then automatically deleted; account-keyed impressions are also removed on account deletion |
| Profile analytics — views and engagement (clause 2.6B) | Raw rows kept for a rolling window covering the analytics look-back the owner can view plus a buffer (~120 days), then automatically deleted; account-keyed rows (your signed-in viewing trail) are also removed on account deletion. Anonymous, de-duplicated rows are not linkable to a named person and age out within this window |
| Marketing / notification preferences, profile content | Retained until account deletion |
8.1 Holds. Where data is subject to an active dispute, chargeback window, AML/CFT review, regulatory request, or legal claim, we may retain it for as long as necessary to deal with that matter, after which the schedule above resumes.
8.2 Anonymisation. Where we are required to keep financial/AML records after an account is deleted, we retain them pointing at an anonymised profile, so the records satisfy the legal obligation without continuing to identify you beyond what the law requires (see clause 10).
9. Your Rights as a Data Subject
Subject to the conditions and exemptions in the PDPL, you have the following rights over your personal data. To exercise any of them, contact us using the details in clause 13; we will respond within the period required by the PDPL.
9.1 Right of access. To obtain confirmation of whether we process your personal data and to receive a copy of it.
9.2 Right to rectification. To have inaccurate or incomplete personal data corrected or completed (you can also update much of your Account data directly in the Portal).
9.3 Right to erasure / account deletion (implemented). To request deletion of your personal data and to delete your account — see clause 10, which describes the implemented account-deletion flow and exactly what is scrubbed and what is retained.
9.4 Right to restrict / object to processing. To request that we restrict processing in certain circumstances, and to object to processing carried out on the basis of our legitimate interests or for direct marketing.
9.5 Right to withdraw consent. Where processing is based on consent (for example marketing, the use of Artwork / Likeness, or the per-Booking disclosure of Performer documents), to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal. Withdrawing a consent that is necessary to provide the Service may mean we can no longer provide that part of the Service.
9.6 Right to data portability. Where applicable under the PDPL, to receive certain personal data you provided to us in a structured, commonly used, machine-readable format. You can also download your agreements, invoices, and transactions as PDF from your account documents area (e.g. /account/documents).
9.7 Right to object to automated decisions. Where applicable, not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, and to request human review. Our risk and fraud controls (clause 3.7) escalate to human review before significant action is taken.
9.8 Right to complain. To lodge a complaint with us (clause 13) and with the competent UAE data-protection authority. This does not remove your separate right to escalate a consumer complaint under clause 26.3 of the Terms.
9.9 Limits. These rights are subject to the PDPL's conditions and exemptions, including where retention is required by law (clause 8) or where a request would prejudice an active AML/CFT, fraud, security, or legal-claims matter.
10. Right to Erasure / Account Deletion — How It Works
This clause describes our implemented account-deletion flow and aligns in substance with the data-safety/retention/erasure provisions agreed for the Portal.
10.1 How to delete. A User may delete their account in the Portal (Settings → Delete account, e.g. /settings).
10.2 What we scrub and delete. On deletion, we:
- scrub personal data — name, email, phone, WhatsApp number, company name, city, bio, avatar, TRN, and signatory name;
- delete uploaded documents — both the files and their records;
- hide the user's Listings;
- block the account; and
- delete the sign-in (authentication) user.
10.3 What we retain — anonymised financial records. We retain the financial / AML records described in the retention schedule (clause 8) — invoices, credit notes, wallet transactions, and bookings — because UAE AML and tax law require it (a 5-year obligation). After the scrub, those retained records point at an anonymised profile: they continue to satisfy the legal obligation but no longer identify you beyond what the law requires. The agreement-acceptance record is retained as proof of contract with the signatory name scrubbed.
10.4 Audited before scrub. The deletion action is recorded in the platform audit log before the scrub is carried out, so there is a tamper-evident record that the erasure took place.
10.5 Holds. Erasure may be deferred where data is subject to an active dispute or AML/CFT hold (clause 8.1), and is completed once the hold ends.
11. Children
11.1 Adults only. The Portal is intended only for adults. You must be at least 18 years old (or the age of majority in your jurisdiction, if higher) to use the Portal (clause 2.3 of the Terms).
11.2 No knowing collection. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a person under 18, we will delete it. If you believe a minor has provided us with personal data, please contact us using the details in clause 13.
12. Cookies and Similar Technologies
12.1 What we use. The Portal uses cookies and similar technologies (such as local storage and device identifiers) that are strictly necessary to operate the Portal (for example to keep you signed in, secure the session, and remember your preferences), and — subject to your choices — technologies for analytics (clause 3.9) and, where you opt in, marketing.
12.2 Your choices. You can control non-essential cookies through your browser or device settings and, where provided, through an on-Portal cookie/consent control. Disabling strictly necessary cookies may prevent parts of the Portal from working.
12.3 Third-party technologies. Some cookies or similar technologies are set by the third-party providers in clauses 4 and 5 (for example analytics or messaging providers), subject to their own terms and privacy policies.
13. Contact and Complaints
13.1 Contact us. For any question about this Policy, to exercise a data-subject right (clause 9), or to make a privacy complaint, contact the Controller:
- TRANSCENDA COMPUTER SYSTEMS & COMMUNICATION EQUIPMENT SOFTWARE DESIGN EST.
- Registered office: Office 305-A, 3rd Floor, Mozna Building, Al Qusais 1, Deira, Dubai, UAE.
- Privacy / data-protection contact: [email protected], or any designated contact channel published on the Portal.
13.2 Regulator. You also have the right to complain to the competent UAE data-protection authority (clause 9.8).
14. Changes to This Policy
14.1 Updates. We may update this Policy from time to time, including to add, change, or remove a processor / sub-processor (clauses 4.11 and 5), to reflect changes in the Services, or to reflect legal or regulatory change. The named sub-processor list and processor categories may be updated without amending the Terms (clauses 14B.2 and 14B.4 of the Terms).
14.2 Notice. We will update the "Last Updated" date above and, for material changes affecting your rights, give notice through the Portal or by email in line with clause 20 of the Terms. Your continued use of the Portal after the effective date of an update constitutes acceptance of the updated Policy, subject to any consent or affirmative-acceptance requirement under mandatory law.
14.3 Versioning. Versions of this Policy are versioned, timestamped, and archived (clause 24 of the Terms).
Questions about this document? Email [email protected] or see all legal documents.