PRIVACY POLICY

1. General information about data handling

  • This Privacy Policy outlines the information that we collect about you when you use our website (“Site”) and the services (“Services”) as detailed out in Terms of Use [“Insert the Link to the TOU”] and how we use it. This Privacy Policy does not apply to any information you may provide to us or that we may collect offline or through other means (such as at a live event, by phone, or through the mail).
  • This Privacy Policy is specifically tailored for individuals and users who interact with our Site and the Services (as defined in Terms of Use) and explains how we collect, use, store, and protect your data in compliance with the UAE data protection laws, including the UAE Federal Law No. 45 of 2021 on the Protection of Personal Data (‘PDPL’), as well as international European standards reflected in the General Data Protection Regulation (GDPR) and other ancillary legislative instruments.
  • Our aim is to provide a holistic and supportive environment for individuals seeking insights, products, and guidance in relation to the Services. It also details the measures we take to protect this sensitive information. We prioritize the privacy and security of our users’ personal information. We employ robust data protection measures, including secure data storage, encryption, and adherence to applicable data protection regulations.
  • The protection of your private rights and freedoms is important to us. We only use data for the purposes intended. It is imperative to us that you always know to what extent we collect, use and, if necessary, pass your data onto third parties, we will subsequently inform you in detail about the processing of your personal data. It is pertinent to mention that we collect, store or use your personal information for specific purposes. We use your information to support and enhance our service and relationship with you, to share products, services, news and other offerings with you, or for other legitimate reasons described by law. We share personal data within our company or (if need be) to third parties with your implicit consent, or as required by law, or with companies that help the provisioning of Services in order to fulfil its obligations with you and who share considerably same commitment to protecting your privacy and data.
  • As iterated above, the EDA Wealth places a strong emphasis on the privacy and security of personal information, adhering to stringent data protection regulations including but not limited to the UAE laws and GDPR. This commitment is reflected in the implementation of advanced data protection measures, to secure data storage and encryption, ensuring the confidentiality and integrity of user data.

2. The data we collect about you.

  • Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

In furtherance to provisioning of Services, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Personal Information: This can include details such as the user’s name, email address, physical address, phone number, age, sex, and date of birth. This information is typically collected during the registration or sign-up process to create and manage user accounts.
  • Account Credentials: To secure user accounts, it may be necessary for users to create a username or unique identifier along with a password or other authentication credentials.
  • Transaction Information: When users engage in purchasing Services on the site, transaction-related information is collected. This includes details such as the items purchased, prices, payment methods, shipping addresses, and order history.
  • Payment Information: Users are usually required to provide payment details, such as credit card numbers, bank account information, or payment processor account information. To enhance security, this information is typically encrypted and handled by trusted third-party payment processors.
  • Usage Data: We may collect data about your interactions with their Services, such as the exercises you complete, the actions you take, and the duration and nature of your Service utilization. This data helps improve user experience and may be used for analytics purposes.
  • Communication Data: If you communicate with the us via Site or service provider through their platform (e.g., via messaging or email), those communications may be collected and stored.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We also store records of your communications with us for quality assurance and training purposes, ensuring that we can continually improve our customer support and service delivery.

If you fail to provide personal data where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel the Service you have with us and will accordingly notify you if this is the case at the time.    

3. How is your personal data collected?

We use different methods to collect data from and about you. You may give us data by filling in forms on our Site or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you may:

  • register for access or create an account on our Site.
  • give us some feedback.  
  • Automated technologies or interactions. As you interact with our Services, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
  • We may receive personal data about you from various third parties and public sources including without limitation to from the following parties: analytics providers such as Google, based outside the EU.
  • We would typically store user data on secure servers or cloud platforms. These storage systems may employ encryption and other security measures to protect the data from unauthorized access or breaches. Data will be stored in compliance with applicable data protection regulations.

4. How we use your personal data

We will only use your personal data as stipulated in this privacy policy which is considered as an explicit consent from you and/or when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Using the information, we collect, we are able to deliver the Services available to you and honor the terms and conditions of the contract (as and if applicable) with you. For example, we need to use your information to provide you your device activity, and to give you customer support for provisioning of Services.
  • The information we collect is also used to help improve and personalize the Services and the application and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and services.
  • In addition to the purposes mentioned, it is important to explicitly state that the information we collect plays a crucial role in the ongoing improvement and personalization of our Services and the Site, as well as in the development of new products and features.

Specifically, we use this data to:

  • Troubleshoot and protect against errors.
  • Perform data analysis and testing.
  • Conduct research and surveys.
  • Develop new features and services.
  • To use your tax data and the UAE tax declaration platform for tax declaration purposes.
  • We may share your company financial details with the UAE tax authorities as required for compliance with tax regulations.
  • We also use your information when needed to send you notifications and respond to when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most notifications by using your notification preferences or via the “unsubscribe” link in an email or as otherwise directed on the Site.
  • The information we collect is also used to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. Similarly, to manage your account and provide you with customer support.
  • We may also use the data to use third-party tools such as Hubdoc, Xero, QuickBooks Online (QBO), and other similar tools to process your financial information. For avoidance of doubt, by using our services you expressly agree and acknowledge the privacy policies of these third parties which are available through their websites.
  • Where we need to perform the contract we are about to enter into or have entered into with you. Note that, in this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • In addition to using your information for service delivery, we also use it to create and maintain a comprehensive user profile. This helps us in offering personalized recommendations and targeted services that align with your specific requirements and preferences.
  • We also use aggregated and anonymized data for research and development purposes. This data, which no longer identifies you, helps us in improving our existing services and developing new features and technologies.

5. Purposes for which we will use your personal data

  • We have set out herein this privacy policy, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests as detailed out in the Terms of Use. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
  • We may use your identity, contact, and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you in our marketing activities. You will receive marketing communications from us if you have requested information from us or purchased services from us.

6. Opting out

  • You can ask us to stop sending you marketing by following the opt-out links on any marketing message sent to you or by contacting us at any time.
  • Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, even registration, product/service experience or other transactions as we may still need to communicate with you about these products or services.
  • While transferring your data internationally, we ensure that it is protected with the same level of security and confidentiality as it is within your home country. We use advanced encryption and security protocols for data transmission to safeguard your information against unauthorized access or breaches.
  • To further enhance the security of your credit card information, we continuously monitor our systems for potential vulnerabilities and attacks, and we work closely with our payment processing vendors to ensure the highest level of security compliance.

7. Change of purpose

  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
  • If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, of course you entitled to object to this new use of your data.
  • Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.  

8. Disclosures of your personal data

  • We may have to share your personal data with the parties set out herein this policy.
  • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.    
  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

9. Data retention - How long will you use my personal data for?

  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some circumstances you can ask us to delete your data. Similarly, in certain instances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.    

10. Data Transfers and International Operations

  • We operate internationally and transfer information to the other countries for the purposes described in this policy. We rely on several legal bases to lawfully transfer personal data around the world.
  • Please note that the countries where we operate may have privacy and data protection laws that differ from and are potentially less protective than the laws of your country. You agree to this risk when you create your account, irrespective of which country you live in. If you change your mind and would like to withdraw your consent, you can delete your account.
  • When processing personal data, we strictly adhere to the requirements of the EU Data Protection Regulation (GDPR) and, if necessary, other data protection regulations as applicable. At any time you may contact us with any questions or concerns you may have with respect to this privacy policy. If you live in the European Economic Area, UK, or Switzerland, please review these additional privacy disclosures under the EU’s General Data Protection Regulation (GDPR).
  • Chapter III of the EU Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we will explain to you below with regard to the processing of your personal data:
    1. The right to be informed: This specification applies in particular to the following data processing details:
    1. The purpose of the processing operation
    2. Categories of data
    3. If necessary, recipient or categories of recipients
    4. If necessary, the planned storage duration or the criteria for determining this duration
    5. Information on the respective right to correction, deletion, restriction or objection
    6. Existence of a right of appeal to a supervisory authority
    7. If necessary, origin of the data (if not collected from you)
    8. If necessary, existence of automated decision making including profiling, and including meaningful information about the logic involved, the scope and the expected effects
    9. If necessary, (planned) transfer to a third country or international organization

     

    1. The right of rectification

    If necessary, we will correct faulty data immediately if you inform us about the circumstance accordingly.

     

    1. The right to deletion

    If the processing is no longer necessary and one of the following conditions is fulfilled:

    1. Expiry of the purpose of processing
    2. Withdrawal of your consent and the absence of any other legal basis for processing
    3. Opposition to processing without an important reason to the contrary
    4. Illegal processing
    5. Required to fulfil a legal obligation
    6. Data collection in accordance with Art. 8 para. 1 GDPR
    7. As part of the deletion request, we may pass on your request to those third parties to whom your data was previously transferred.
  • The right to restriction of processing: Provided one of the following conditions is met:
  • You dispute the accuracy of your data (restriction may be made on our site for the duration of the verification)
  • In the event of unlawful processing and provided that the data is not to be deleted, deletion shall be replaced by restriction of processing
  • If the processing purposes expire, at the same time you need your data to assert, exercise or defend legal claims
  • After your objection pursuant to Art. 21 para. 1 GDPR and for the duration of the examination, whether our justified reasons outweigh yours.

The right to data portability

As long as it is technically possible and the rights and freedoms of other persons are not affected, we will – at your request – transfer your data to another recipient (data controller).

Right to object

If we collect personal data from you or have it collected and process it (on the basis of Art. 6 Para. 1(e) or (f) or Art. 9 Para. 2(a) GDPR), you have the right to object to data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be invalid, e.g. if we can prove compelling legitimate interests for processing that outweigh your interests, or processing serves to assert, exercise or defend legal claims.

Automated individual decision-making including profiling

If we collect personal data from you or have it collected and process it, you have the right not to be subject to decision based exclusively on automated processing – including profiling – which has a legal effect on you or significantly impairs you in a similar manner. Exceptions to this requirement apply if the decision to conclude or fulfil a contract between you and us is necessary or if you have expressly consented to the processing. In any event, we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right on our part to obtain the intervention of a person to express our position and to challenge the decision.

Right to withdraw consent under the data protection laws

You have the right to revoke your consent to the processing of personal data at any time in accordance with the terms of this policy and provided that EDA Wealth has duly acknowledged receiving the request for such withdrawal by user.

Deletion or blocking of personal data

We store your personal data only for the period necessary to fulfill the intended purpose. After elimination of the purpose and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

Obligation to provide personal data

Under certain conditions (e.g. due to legal or contractual regulations) you have the obligation to provide us with your personal data. Examples of such processing are as follows:

  • In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests. Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. Similarly, under HIPAA, you have specific rights regarding the use and disclosure of your health information. This includes the right to request restrictions on certain uses and disclosures of Protected Health Information (PHI), especially disclosures to health plans for services you have paid for out-of-pocket in full. Please note that you can always delete your account at any time.

11. Credit Card Information Protection

  • We understand the sensitivity and importance of your credit card information, and we are committed to ensuring its security and confidentiality. We engage third-party vendors to facilitate payment processing and related services. These vendors are carefully selected, and we ensure that they adhere to stringent security measures to protect your credit card information. Our third-party vendors are contractually bound to comply with security standards that align with or exceed industry best practices. Regular assessments and audits are conducted to verify that vendors maintain the required security standards.
  • While we take every reasonable precaution to protect your credit card information, we cannot guarantee absolute security due to the inherent risks associated with electronic transmissions. By using our Services, you acknowledge and accept these inherent risks and limitations.

12. Limitation of Liability

  • To the fullest extent permitted by applicable law, EDA Wealth, its affiliates, directors, officers, employees, agents, or partners (collectively referred to as “Company”)shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to, damages for loss of profits, goodwill, data, or other intangible losses, arising out of or in connection with your access to, use of, or inability to use our Services, or any unauthorized access to or alteration of your personal data.
  • This limitation of liability is subject to the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), and any other applicable UAE legislation. We comply with the requirements of UAE laws, and nothing in this clause shall limit your rights under applicable UAE data protection laws.
  • The Company shall not be responsible or liable for the acts or omissions of any third-party service providers or other third parties to whom we may disclose personal data under the terms of this privacy policy, except to the extent required by UAE laws.

13. How to Contact us

  • Should you have any questions about this policy or need help in exercising your rights in relation to this policy, please contact our Data Protection Officer at Email: Support@edawealth.com

Sign up for the newsletter

Privacy Policy

Terms and Conditions