1. INTRODUCTION
MD SOFTWARE L.L.C-FZ ("Company", "we", "our") respects your privacy and is committed to protecting personal data in accordance with UAE Federal Decree-Law 45 of 2021 on the Protection of Personal Data (PDPL) and Meydan Free Zone Data-Protection Regulations. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it and the rights and choices you have.
2. DATA WE COLLECT
- Identification Data: full name, nationality, Emirates ID/passport, date of birth.
- Contact Data: email, phone, business address.
- Company Data: trade licence, UBO details, shareholding, processing history.
- Financial Data: bank statements, processing volumes, chargebacks.
- Usage Data: browser type, pages viewed, clickstream (collected via cookies/analytics).
- Communications: emails, live-chat or support tickets.
3. HOW WE USE YOUR DATA & LAWFUL BASES
| Purpose | Lawful Basis (PDPL) |
|---|---|
| Verify identity & perform KYC/KYB screening | Legal obligation; legitimate interests |
| Match you with payment Processors | Performance of contract |
| Send transactional emails & service updates | Performance of contract |
| Marketing (with consent) | Consent |
| Improve Services & security monitoring | Legitimate interests |
4. COOKIES & TRACKING
We use strictly-necessary cookies for authentication, and optional analytics cookies (Google Analytics 4) to analyse aggregated usage. You can manage cookie settings via your browser. Refusing analytics cookies will not impair core functionality.
5. DISCLOSURE OF DATA
- Processors: vetted payment providers receive your KYB/KYC package.
- Vendors: cloud hosting (AWS UAE), email (Postmark), analytics (Google).
- Regulators: UAE authorities or courts when lawfully requested.
- Corporate actions: in the event of merger or sale, subject to confidentiality.
6. INTERNATIONAL TRANSFERS
Where we transfer personal data outside the UAE, we rely on PDPL-compliant safeguards such as contractual clauses and ISO 27001–certified data centres. A copy of relevant safeguards can be requested via the contact details below.
7. DATA SECURITY
We employ TLS 1.3 encryption in transit, AES-256 encryption at rest, MFA for staff, ISO 27001-aligned policies and yearly penetration testing. However, no transmission is 100 % secure and you acknowledge this risk.
8. RETENTION
Personal data is retained for the duration of our relationship plus 6 years to comply with AML record-keeping obligations, unless a longer period is required by law or necessary to defend legal claims.
9. YOUR RIGHTS
You have the following rights under the PDPL (subject to limited exceptions):
- Access – obtain a copy of the personal data we hold about you.
- Correction – request rectification of inaccurate or incomplete data.
- Erasure – request deletion where processing is no longer necessary.
- Restriction – ask us to limit processing pending verification.
- Objection – object to processing based on legitimate interests.
- Portability – receive data in a machine-readable format.
- Withdraw consent – for marketing at any time.
- File a complaint with the UAE Data Office.
10. CHILDREN
The Services are intended for businesses only. We do not knowingly collect data from anyone under 18.
11. CHANGES TO THIS POLICY
We may update this Policy from time to time. Material changes will be notified via email or banner. The "Last updated" date indicates the current version.
12. CONTACT
For privacy questions or to exercise your rights, contact our Data-Protection Officer at [email protected] or write to: DPO, MD Software L.L.C-FZ, Meydan Grandstand, Nad Al Sheba 1, Dubai, UAE.