Privacy Policy

Last updated: June 2026

1. Data Controller & Contact

The PDPL Compliance Tool is operated by the organisation that deploys it. This tool processes data within the United Arab Emirates on servers hosted by Oracle Cloud (UAE region). All personal data remains within UAE borders at all times, in compliance with UAE Federal Decree-Law No. 45 of 2021 (PDPL).

For privacy-related inquiries, contact your organisation's appointed Data Protection Officer (DPO) through the Company Settings page.

2. What Data We Collect

When you use this tool, we process the following categories of data:

  • Account Information: Name, email address, job role, and company association.
  • Company Information: Company name, size, sector, emirate, trade license number, and data processing details you enter.
  • Compliance Data: Assessment answers, policy documents, DSAR records, consent records, breach reports, and audit logs.
  • Usage Data: Login timestamps, page interactions, and activity logs for audit trail purposes.
3. Purpose of Processing

Your data is processed exclusively for the purpose of managing and tracking your organisation's compliance with the UAE PDPL. This includes:

  • Running self-assessments and calculating compliance scores
  • Generating PDPL-compliant policy documents
  • Managing Data Subject Access Requests (DSARs)
  • Tracking consent records and data breaches
  • Maintaining audit trails for regulatory accountability
4. Data Storage & Security

All data is stored and processed exclusively on Oracle Cloud infrastructure located within the UAE. We implement appropriate technical and organisational measures including:

  • Encryption at rest and in transit
  • Access controls based on role and need-to-know
  • Regular security assessments
  • Session management and authentication controls
5. Data Retention

Data is retained for as long as your organisation maintains an active account. Upon account closure or deactivation, data will be securely deleted within 90 days unless retention is required by applicable UAE law.

6. Your Rights Under PDPL

As a data subject, you have the following rights under UAE PDPL (Federal Decree-Law No. 45 of 2021):

  • Right of Access (Art. 16): Request a copy of your personal data we hold.
  • Right to Correction (Art. 17): Request correction of inaccurate data.
  • Right to Deletion (Art. 18): Request deletion of your data where applicable.
  • Right to Portability (Art. 19): Receive your data in a structured format.
  • Right to Object (Art. 20): Object to processing based on legitimate interest.

To exercise these rights, contact your organisation's DPO or use the DSAR management features within this tool.

7. Data Sharing & Third Parties

We do not sell, rent, or share your personal data with third parties except:

  • As required by UAE law or regulatory authorities
  • With third-party data processors bound by a Data Processing Agreement (DPA)

Any third-party processors used by this tool are listed in your organisation's processor register and are subject to appropriate contractual safeguards.

8. Limitation of Liability

This tool is provided as a compliance assistance tool only. It does not constitute legal advice. The owners, operators, and developers of this website shall not be held liable for:

  • Any compliance deficiencies, regulatory penalties, or legal consequences arising from the use of this tool
  • Inaccuracies, omissions, or outdated information within the tool's question bank or generated documents
  • Any decisions made or actions taken based on the tool's recommendations or compliance scores
  • Any data breaches, security incidents, or data loss occurring through the use of this tool

Users are strongly advised to consult qualified legal counsel for all PDPL compliance matters. This tool is a starting point, not a substitute for professional legal advice.