PRIVACY POLICY

Last Revised on: 31/01/2021 

Thank you for visiting our website (and/or facilities, referred to herein below). Your privacy and Personal Data, together with its protection is of paramount importance to us.

IMPORTANT INFORMATION

This Privacy Policy, as amended or otherwise changed from time to time, sets out how Verofax Limited (including all subsidiary and affiliated entities; hereinafter referred to as “Verofax”, “we”, “us” or “our” as the context requires) collects, processes, uses, maintains, stores, transfers, discloses, erases or destroys confidential and personally identifiable user data, obtained from and through our platforms and related services offerings, via the Verofax website, application and its platforms or portals (collectively referred to as “Verofax Facilities” or “Facilities”).

We respect your privacy and aim to promote trust and confidence on the internet. As such, we feel it is necessary to disclose to you what data our Facilities collect and track, and further, what we do with the data that we collect or receive, and with whom do we share such data and for what purposes.

This Privacy Policy should be read and interpreted together with our Terms and Conditions. 

Terms which are not defined in this Privacy Policy shall have the meanings ascribed to them in the Terms and Conditions.

User Consent: shall refer to when you, the visitor (hereinafter referred to as “User”, “you”, “your”), access, visit, browse and use any facility or content owned or operated in reference to the Verofax Facilities (which is owned, operated, maintained or mandated under service to/by Verofax) and in doing so specific, informed and unambiguous consent to Verofax’ data protection and management practices as described in this Privacy Policy. Such User Consent is further reflected in your application for the creation of a User account, if applicable.

Data Subject: means any User whose confidential and personally identifiable User data is being collected, processed, used, maintained, stored, transferred, disclosed, erased or destroyed. For ease of understanding: you, as a User of the Facilities will be a Data Subject.

Data Controller: means a person who (either alone or jointly with other persons) determines the purposes for and the way any Personal Data is to be processed. Verofax is the Data Controller for all data collected from Users, and it is also the Data Processor (defined below). Data protection is important to us and we adhere to all applicable data protection laws and regulations globally, which include, but are not limited to the United Arab Emirates (“UAE”), the Abu Dhabi Global Markets (“ADGM”) and where applicable to individuals in the European Union (“EU”), the European Economic Areas (“EEAs”) and the member states of the European Free Trade Association (“EFTA”), the United Kingdom (read together with the Data Protection Act 2018), the General Data Protection  Regulation (“GDPR”) for the purposes mentioned in this Privacy Policy, as applicable. 

Data Processor: means any person (other than an employee of the data controller) who processes Personal Data of a Data Subject, on behalf of the Data Controller. Verofax may act as a Data Processor and process your Personal Data directly; and if necessary, is authorised by you to process your Personal Data through authorized agents, vendors, service providers or third parties of Verofax, who may be chosen by us.

CHANGES TO THIS PRIVACY POLICY

From time to time, Verofax may revise, amend or supplement this Privacy Policy to reflect necessary changes in law, our Personal Data collection and usage practices, the features of Verofax Facilities, or certain advances in technology. If any material changes are made to this Privacy Policy, the changes will be prominently posted on the relevant or affected Verofax Facilities. Verofax, however, requires and specifically places on you the onus of occasionally familiarizing yourself with the contents of this Privacy Policy, for your own information; and particularly to do so every time you access our Facilities or make use of our services. 

Changes to this Privacy Policy are effective when they are published.

Users’ data collected and processed through, the UAE, the EU and/or EEA, the UK or the ADGM is done so in accordance with the relevant principles, including: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security) and accountability; with all relevant laws and regulations considered; and however applicable. 

CONSENT FOR LEGAL OBLIGATIONS AND LEGITIMATE INTERESTS

You consent to your Personal Data being processed to satisfy all legal obligations arising from any contracts entered into with / involving you or to deliver any services to you; or to take steps at your request prior to entering into a contract with you; or for our legitimate interests to protect our property, rights or safety of either Verofax, its Users, customers, clients, other persons or other entities.

INFORMATION WHICH VEROFAX COLLECTS

Verofax collects Personal Data and Anonymous Data of Data Subjects only the manner as described below:

Personal Data means: data that allows someone to identify or contact a Data Subject, including, for example: your name, job title, address, telephone number, e-mail address, demographic information such as postcode, personal preferences, and interests, together with any other non-public information about you that is associated with or linked to any of the foregoing data and relevant to your application for, access to or use of our Facilities.  

Anonymous Data means: data that is not associated with or linked to your Personal Data. Anonymous Data (i.e. encrypted or sufficiently Pseudonymized data) does not, by or in itself, permit the identification of individual persons.

Please note that you will, generally, not be required to pay a fee to access your Personal Data (or to exercise any of the other rights), however, that we may charge a reasonable fee (determined at our sole discretion and which is payable by you if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under the aforementioned circumstances, or where permitted by law to do so; or not being compelled to do so under law.

Information which may be further required from you: We may request specific information from you to help us to confirm and verify your identity, to ensure that you can exercise your rights to access your Personal Data or to exercise any of your other rights, as determined by contract, the law or otherwise. This is a security measure to ensure that Personal Data is not disclosed to any unauthorised person, who has no right to view, access or receive it. We may also contact you to ask you for further information in relation to your request, to speed up our response to any request received from you, when you choose to exercise your rights. 

If you fail, neglect and/or refuse to provide us with your Personal Data: Where we need to collect Personal Data by law, or under Verofax’ Terms and Conditions and you are not comfortable sharing the requested data with us, we may not be able to perform the services and make available to you Verofax’ Facilities. In this case, Verofax shall have the right to discontinue the services and/or may close your User account or service request, however applicable. Verofax undertakes to notify you if this is the case at the time.

Here are the Personal Data points which Verofax will collect from you or any third party who you have given consent to, to collect, process and share your data:

Personal Data collected from you 

We may collect Personal Data from you such as your first and last name, contact number and information, including your e-mail address, demographic information such as postcode, preferences, and interests as well as any other non-public information about you that is associated with or linked to any of the foregoing data and relevant to your application for our Facilities. 

Geo-location: If you tell us where you are (i.e. by allowing any of your devices, mobile device or computer to send us your geo-location), we may store that information.

Phone and mobile device identification number: Certain services, may require our collection, use, processing, transfer and storage of your phone number and possibly other data. We may associate that phone number to your mobile device identification information. 

Information provided in interactions: If you provide us feedback, contact us or subscribe to receive updates, we will collect your name and e-mail address (as applicable), as well as any other content included in form in which it was received (i.e. the details and content of an email), in order to send you a reply or in to contact you. We also collect other types of Personal Data that you voluntarily provide to us when contacting us – i.e. in seeking support services via email, information submitted via an online contact form, other contact information, or other information provided to support services staff.

Other data: We may collect other data, including but not limited to referral Uniform Resource Locators (“URLs”), your location and analytics information related to the usage of our facilities.

Information collected by our Facilities: Some information is collected by our Facilities, including, but not limited to our websites, applications, platform, networks and servers. Our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, Internet service provider (“ISP”), referring/exit pages, operating system, Internet Protocol (“IP”) address (which is a number that is automatically assigned to your computer or device when you use the Internet and which may vary from session to session), domain name, and/or a date and time stamp for your visit to our facilities, as well as clickstream data.

Information collected by cookies: Cookies are selected pieces of information that a website or platform (included in our Facilities) sends to your device or computer’s hard drive to store information on your device for ready reference. While you are viewing or using our Facilities, our cookies may store some information on your device/ hard drive for a smooth user experience. We presently do not collect any information via our cookies. Should we commence with collecting information through our cookies we will promptly update this Privacy Policy. 

Personal Data collected from third parties

We may also collect other Personal Data supplied by third-party entities (including Governmental authorized, mandated entities or other Users) and service providers / agents in the outsourcing of services, including, but not limited to third party identity verification sources and services; and verification via social networking websites to facilitate the provision of Verofax Facilities. We will gather information from third parties and service providers who you have authorized to collect, process and share your Personal Data.

Personal Data of minors

Be advised that Verofax’ Facilities and services do have age requirements and will not be available to minors. This will be specified in respect of each relevant service or facility in Verofax’ procedure of obtaining the required consent and permissions from Users. Verofax does not and will not knowingly solicit or collect information from anyone who is not of legal age. Should we retrospectively become aware that a minor has provided us with personal information where such services and / or facilities are unavailable to minors, we will erase such information it immediately and close the related User Account.

VEROFAX’ USE OF THE INFORMATION IT COLLECTS

We will only use your Personal Data in a legally compliant manner. All our use and processing of your Personal Data will fall under these three heads:

1. Where we need to perform the service under your User account registration as a User of our services. 
2. Where it is necessary for our legitimate interests (or those of a third party), but where such interests do not override your fundamental rights; and/or where we need to comply with a legal or regulatory obligation.
3. For market research and promotion.

We will not sell, distribute or lease your personal information to third parties in relation to the provision of services or Facilities, unless we have your permission or are required by law to do so. 

Using and Processing your Personal Data to provide You the Verofax Facilities

We may use and process your Personal Data to provide you Verofax Facilities in these ways:

1. To facilitate the creation of and to secure your User account on the Verofax Facilities.
2. To facilitate the internal record keeping with regards to your User account on the Verofax Facilities.
3. To prudently identify you and assess the qualification of your application.
4. To effectively conduct internal compliance checks and external compliance checks by certified vendors (where applicable).
5. To provide improved administration of our products, services and Facilities.
6. To improve the quality of your User experience when you interact with the Verofax Facilities.
7. To periodically send promotional information to you on new products, special offers or other information which we think you may find interesting.
8. To notify you about important changes or updates to the Verofax Facilities.
9. To identify, prevent, and report potentially suspicious, fraudulent, or illegal activities.
10. To conduct data analyses functions and generate operational reports for usage by the User.
11. To respond to your inquiries or other requests received.

We may use and process your automatically collected Personal Data to provide you Verofax Facilities in these ways:

1. All automated data collected is used for administration purposes, as well as to improve services and User experience. 

2. We use IP address information to make our Facilities and services more useful to you.

3. We use information from log files to analyse trends; operate, administer and maintain the facilities; track Users’ movements and activity around and within the Facilities; gather demographic information about our User base as a whole, and better tailor our Facilities to our Users’ needs. Except as noted in this Privacy Policy, we do not link this automatically collected data to Personal Data.

4. We use your Emirates ID Information provided and the data available on your Emirates Chip to verify your identity in your submitted form of identification during the onboarding and User registration or User Account creation process. This technology collects information from your biometric data and shares it with us. We use that information to verify your identity. We will store your biometric data for as long as is necessary to perform the services, and as long as the User account exists and will comply with applicable law relating hereto. By using the Verofax facilities and/or services you agree that Verofax may collect your biometric data to perform identity verification.

All payments concluded with respect to the Verofax Facilities shall be conducted securely via our third-party payment gateway. No User details, Personal Data and related financial information will be collected through the use of such payment gateway and no Personal Data will be misused for any purpose whatsoever.

Personal Data When Processed Without Consent

Please be advised that we my process your Personal Data without your knowledge or consent; and only where this is required or permitted by law. In general, the Personal Data submitted to us, is used either to respond to requests you make or to aid our service to you.

Verofax may be compelled to surrender User information to legal authorities without express User consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.

Market research and promotional information 

We provided you with choices regarding the Personal Data that Verofax uses, particularly concerning any market research and/or subsequent marketing, advertising and promotion. We have established the following Personal Data control mechanisms:

• Promotional offers from Verofax: We may use your Personal Data to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our facilities, using our services, registering a User Account, in contacting us, in requesting information from us, you expressly opt-in to receive marketing communications from Verofax. We may communicate with you by e-mail, fax or telephone.

• Opting out: You can ask us or third parties to stop sending you marketing related material and/or communications at any time by following the opt-out links on any marketing message sent to you or by contacting us support@localhost or privacy@localhost.

HOW TO UPDATE YOUR INFORMATION

Whenever possible, you can update your Personal Data, subject to verification by Verofax. If you wish for Verofax to update your information, please contact us at info@localhost or support@localhost to make the required changes. 

We will retain your information for as long as your User account has not been closed or as may be needed to provide you access to your User account and/or services of Verofax; and in compliance with the law.

YOUR LEGAL RIGHTS (USER RIGHTS)

Under the EU’s GDPR, each Data Subject who shall be a citizen of the EU and to whom these laws are applicable has rights. These include:

1. Right to be informed: This means you have a right to know:
   1. the identity and the contact details of Verofax and its European representative; 
   2. the contact details of our data protection officer; 
   3. the purposes of the processing Personal Data as well as the legal basis for the processing; 
   4. the legitimate interests pursued by Verofax or by a third party who processes your information; 
   5. the recipients or categories of recipients of your Personal Data; 
   6. Verofax’ intention to transfer Personal Data to a third country or international organisation and the existence or absence of an adequacy decision by the relevant supervisory authority, or where applicable, reference to the appropriate safeguards and the means to obtain their copy. 
   7. The period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period; 
   8. the various rights available to you under the GDPR; 
   9. whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the Personal Data and of the possible consequences of failure to provide such data; 
   10. the existence of automated decision-making, including profiling and meaningful information about the logic involved. 
   11. where Verofax intends to further process the Personal Data for a purpose other than that for which the Personal Data was collected, Verofax must apprise you, prior to such further processing, with information on those other purposes and with any other relevant information.
2. Right of access: This is your right to see what data is held about you by us. Particularly you have the right to:
   1. receive confirmation as to whether or not your Personal Data is being processed; 
   2. access your Personal Data which we are processing along with the purposes of processing; the categories of Personal Data being processed; the recipients or categories of recipient to whom the Personal Data has been or will be disclosed; the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; where the personal data are not collected from the data subject, any available information as to their source.
   3. Where Personal Data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer. 
   4. a copy of your Personal Data being processed; 
   5. any further copies requested by you, upon paying a reasonable fee.
3. Right to rectification: This is your right to have your data corrected or amended if what is held by a Data Controller is incorrect / inaccurate in some way. You have the right to correct, amend and rectify any incorrect or inaccurate data held by us.
4. Right to erasure: This is your right, under certain circumstances, whereby you can ask for your Personal Data to be deleted. This is also referred to ‘the Right to be Forgotten’. This would apply if the Personal Data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where Personal Data has been unlawfully processed. Your right to ask for your Personal Data to be deleted (only under certain circumstances, especially if that data is no longer required by us for the purposes it was collected for processing the data you had expressly withdrawn or if we have unlawfully processed your Personal Data. Once deleted all your Personal Data will be removed from our systems and will not be recoverable.
5. Right to restrict processing: This is your right to ask for a temporary halt or pause in processing of Personal Data, such as in the case where a dispute or legal case must be concluded, or the data is being corrected. 
6. Right to data portability: This is your right to ask for your Personal Data supplied directly to us, which we have processed pursuant to your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format. 
7. Right to object: This is your right to object to the further processing of your data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing. 
8. Rights in relation to automated decision making and profiling: This is your right not to be subject to a decision based solely on automated processing.
9. Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with the supervisory authority of the member state in which you are habitually resident, or with the supervisory authority of the member state in which you work or in which your rights under the GDPR have been infringed if you believe such infringement has taken place.

Under the ADGM’s data protection and management regulations, you have the following rights:

1. Right to be informed: This means that when an ADGM registered company collects personal information from you, it must make clear what they are processing, why, and who else the data may be passed/transferred to or shared with. You have the right to know who, why and how your Personal Data is processed or shared. 
2. Right of access: You have the right to request us to confirm whether we hold any Personal Data in relation to you, the purpose of holding and processing the Personal Data, the categories of Personal Data concerned, to whom the Personal Data has been disclosed (in particular any third-parties outside of the ADGM), the envisaged period for which such Personal Data will be retained or the criteria used to determine such period, the existence of all the other rights you may have as a Data Subject, where the Personal Data is not collected from you, any available information as to its source, the existence of automated decision-making, including profiling; and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences for you of such processing. Where your Personal Data is transferred outside of ADGM or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer.
3. Right to rectification: If you have provided your Personal Data to us you have the right to request us to correct, rectify or erase your Personal Data at any time.
4. Right to be forgotten / erasure: This is your right, under certain circumstances, whereby you can ask for your Personal Data to be deleted. This is also referred to ‘the Right to be Forgotten’. This would apply if the Personal Data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where Personal Data has been unlawfully processed. Your right to ask for your Personal Data to be deleted (only under certain circumstances, especially if that data is no longer required by us for the purposes it was collected for processing the data you had expressly withdrawn or if we have unlawfully processed your Personal Data. Once deleted all your Personal Data will be removed from our systems and will not be recoverable.
5. Right to restrict processing: this is your right to ask for a temporary halt or pause in processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
6. Right to data portability: This is your right to ask for any of your Personal Data supplied directly to the Data Controller which is processed pursuant to the provision of your consent, entering into a contract with the Data Controller or carried out by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format. 
7. Right to object: If you have provided your Personal Data to us, you have the right to subsequently object to the processing of your Personal Data; you have the right to be informed before your Personal Data is disclosed for the first time to third parties or to be used for direct marketing, and you are offered the right to object to such uses.
8. Rights to file a complaint: If you feel that your Personal Data has been misused or disclosed without your permission, or that any of your data privacy rights have been violated by an ADGM registered company, you have a right to file a complaint with the Office of Data Protection, ADGM. To file a complaint, kindly complete the complaint forms and send them via email to [email protected]  
9. Rights in relation to automated decision making and profiling: Your right not to be subject to a decision based solely on automated processing.
10. Right to be notified: This is your right to be notified regarding any rectification or erasure of your Personal Data or any restriction of Processing. We will further communicate any rectification or erasure of your Personal Data; or restriction of processing to each third-party to whom your Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort.
11. Right to withdraw consent: This is your right to withdraw your consent at any time, specifically in a scenario where your Personal Data is being collected and processed pursuant to your initial consent. Any processing conducted lawfully prior to you withdrawing your consent will not be affected by the subsequent withdrawal of consent.
12. Right to compensation: This is your right to compensation if you suffer material or non-material damage because of our contravention of the ADGM’s Data Protection Regulations of 2020. To exercise such right you would be required to bring formal proceedings before the ADGM courts.

If you wish to exercise any of the rights set out above or any other laws concerning Personal Data (in so far as same is applicable), please contact us (privacy@localhost) in the first instance, so that we may resolve your query, feedback or complaint amicably.

Automated decisions: Please note that at this time Verofax does not utilise any automated decision making, however we may utilise such automated decision making in the future. At such a time we shall amend this Privacy Policy, and you may contest any automated decision by Verofax which has been made about you and where this has a legal or similar significant effect and ask for it to be reconsidered.

Time limit to respond to User requests in exercising your rights: We aim to respond to all legitimate requests without undue delay and within two (2) months calendar of receipt of any request from you. Occasionally it may take us longer than two (2) months if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

DATA RETENTION AND RECORDS 

We retain information on your behalf, including customer data, transactional data and other session data, linked to your service usage or User account or registration account; and all access or use of the Facilities.

Verofax adheres to all applicable legislative provisions and data protection laws of each jurisdiction it operates in; hence Verofax shall retain and store a written Record of Processing Activities (“ROPA”) of how it processes all User specific data as recommended by the regulations. Should any further information be required, please contact us (privacy@localhost). 

Your Personal Data will be stored, retained and processed for a period of One (1) year from the date you as the User, close your Account. Notwithstanding the foregoing, Verofax may retain store, retain and process your Personal Data for a period longer than One (1) year, should Verofax be compelled to do so, to remain in compliance with applicable law enforcement purposes. 

DATA PROTECTION IMPACT ASSESSMENT 

In adherence to all applicable data protection laws of each jurisdiction it operates in, Verofax shall carry out regular assessments of the impact of the processing of User Personal Data, considering the risks to your rights (such assessments are referred to as a Data Protection Impact Assessment (“DPIA)). The outcome of such DPIA’s may result in the alteration and update of this Privacy Policy. Should any further information be required, please contact us (privacy@localhost).  

HOW VEROFAX TRANSFERS AND SHARES USER’S PERSONAL INFORMATION

1. We disclose your Personal Data, as described in this Privacy Policy.
2. It may be necessary to disclose your information to law enforcement agencies, regulators, government/public officials, or other relevant third parties to comply with any law, subpoenas, court orders, government requests, to defend against legal claims, investigate or bring legal action against illegal or suspected illegal activities, to enforce our Terms and Conditions, or to protect the rights, safety, and security of Verofax, our Users, other persons or the public.
3. We may share your Personal Data with third parties and/or service providers such as payment processors and for the integration of Customer Relationship Management functionality etc., in so far as it may be necessary and in order to provide you our Facilities and to conduct quality assurance testing; to facilitate the creation of User accounts; to provide technical support, operational support and maintenance services; to verify your identity; and/or to provide other services to Verofax and any facilities of Verofax. These third-party service providers are required not to use your Personal Data for any purpose, other than to provide the services mandated by us.
4. We may use social plugins, widgets and other features (“social networks” or “social features”) that are made available by and/or accessed through third party social networks. These social features allow these social networks to place cookies on your browser and to collect certain information, which may be associated with your name, personal details and personal social network account. These Social Features are operated solely by the respective Social Networks, and their service providers, and we recommend that you carefully read their privacy policies before you decide to use them. We have no control over or access to the information collected, stored or used by such social networks, and the information practices of such social networks are not covered by this Privacy Policy. If you do not wish to associate any information collected via the plugins, widgets and/or other features with your personal social network account information, you should refrain from using these social features and logout from your social network account before any visit to or use of our facilities, or using our services.
5. We may share some or all of your Personal Data with third parties (i.e. if Verofax is acquired by a new owner) in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset forming part of Verofax’ good will. If another company acquires Verofax, its business or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations held by Verofax regarding your Personal Data, as described in this Privacy Policy.

Links to third-party websites

Verofax facilities or communications may contain links to other third-party websites which are not owned or operated by Verofax and too, which are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s site. Verofax strongly advises you to review the privacy policy of every site you visit. Verofax is not responsible for the privacy policies of these third-party websites, regardless as to whether they were accessed using the links from our facilities. Verofax has no control over and assumes no liability for the content, privacy policies or practices of any third-party sites or services.

Verofax specifically herein mandates that you, as the User (as per this Privacy Policy) to visit, familiarize, understand the below entity policies, being partners of Verofax in providing services under the facilities to you, however – even if not done as mandated herein, you as the User accepts that through the application for the creation of a User account, the terms of their individual privacy policies, cookies policies, as well as terms and conditions, as third-party service providers to Verofax (albeit, not to be construed as a closed list) and too which should include all third party vendors:

• Deutsche Post AG (DHL): https://www.dhl.com/ae-en/home/footer/local-privacy-notice.html & https://www.dhl.com/ae-en/home/footer/terms-of-use.html 
• Oracle: https://www.oracle.com/legal/privacy/privacy-policy.html & https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html & https://www.oracle.com/legal/terms.html 
• Stripe: https://stripe.com/privacy & https://stripe.com/spc/legal 
• BICS: https://bics.com/online-privacy-policy/ & https://bics.com/wp-content/uploads/2018/04/BICS-General-Terms-and-Conditions_v.-March-2018.pdf 
• Freshworks: https://www.freshworks.com/privacy/ & https://www.freshworks.com/terms/ 
• Microsoft Azure: https://privacy.microsoft.com/en-us/PrivacyStatement & https://www.microsoft.com/en-us/legal/intellectualproperty/copyright/default#o10 

Other than as stated in this Privacy Policy, Verofax does not disclose any of your personal information to any third parties, unless required to do so by law enforcement, court order, or in compliance with legal reporting obligations.

DATA STORAGE AND DATA TRANSFERS

User Data is stored and transferred in compliance with the applicable legislation or regulations of every jurisdiction in which Verofax operates.

We store and process your Personal Data in data centers within the United Arab Emirates, wherever we have our premises, wherefrom we provide services or where Verofax’ service providers are located.

If you are based in the UK, the EU or the EEA, any storage, processing and transfer of your data outside these territories will adhere to the relevant legal requirements, particularly the GDPR, as and however applicable and/or required.

Regardless of where you are based globally, your Personal Data may be stored, processed and transferred outside of the ADGM in compliance with the ADGM’s data protection and data management regulations as and however applicable and/or required.

Many of our external third parties are also based outside of the aforementioned geographical regions and globally, so, their processing of your Personal Data will involve the transfer and storage of data outside the aforementioned territories. We reiterate that you, as the User, hereby accepts the terms of their individual privacy policies, cookies policies, as well as terms and conditions of third-party service providers to Verofax (named supra; albeit, not to be construed as a closed list) and too which should include all third-party vendors.

Some of the international organisations and countries to which your Personal Data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organisations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the Commission of Data Protection, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. We shall notify you with regards to the specific safeguard we shall adopt in transferring your Personal Data to such an international organisation and/or country if you must require such data. 

In respect of GDPR compliance (if applicable): we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries. 

In respect of the ADGM’s data protection and data management regulations relating to the transfer of Personal Data, transfers will be conducted in accordance with the relevant regulations. Please contact us (privacy@localhost) if you want further information on the specific mechanism used by us when transferring your Personal Data.

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (“DPO”) together acting as a designated Data Protection Controller, who is responsible for overseeing any data-related matters, to address any questions in relation to Personal Data and this Privacy Policy. If you have any questions in relation to your Personal Data and/or this Privacy Policy, including requests to exercise your rights related to Personal Data, please contact us via email on: privacy@localhost.

LEGAL RECOURSE TO RELEVANT AUTHORITIES

If you are based in the UK, EU or the EEA region, then you have the right to make a complaint at any time to a supervisory or regulatory authority, in particular within the UK, or a member state in the EU or EEA where you are habitually resident, where we may be based (if applicable), or where an alleged infringement of any Data Protection law has taken place. However, we would appreciate the opportunity to address your concerns before you approach any such authority. Please contact us in the first instance so that we may try to resolve your complaint swiftly and satisfactorily. Please contact us via email on: privacy@localhost.

Our European representative: 

Pursuant to Article 27 of the GDPR which requires us to have representatives if we are not established in the Union, the controller of your data whom we have appointed as our local representative in Europe is: 

Local representative name / entity:

Dr. Andreas Mätzler 

Contact information: 

Maetzler Rechtsanwalts GmbH & Co KG

Schellinggasse 3/10, 1010 Vienna

AUSTRIA

[email protected] 

If you are based anywhere in the world, you have the right to make a complaint at any time to the Office of Data Protection at the ADGM if there is an infringement of the ADGM’s extant data protection regulations. However, we would appreciate the opportunity to address your concerns before you approach the ADGM. Please contact us in the first instance (privacy@localhost) so that we may try to resolve your complaint swiftly and satisfactorily.

HOW TO CLOSE YOUR USER ACCOUNT

If you wish to close your User account, please contact us at info@localhost or support@localhost. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms and Conditions of the Service.

SECURITY PRECAUTIONS AND MEASURES EXERCISED BY VEROFAX FOR PROTECTION OF YOUR DATA

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal information. 

Verofax servers and processing operations are hosted on the Microsoft Oracle / Azure cloud services within the Kingdom of Saudi Arabia and the Republic of Singapore and are in- line and compliant with all applicable data residency regulations and laws.

Verofax facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security.

Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential. 

No guarantee

Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information. 

Without prejudice to our efforts on protection of your data, nothing contained in this Privacy Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk. 

Please note, that Verofax and the facilities do not guarantee that your data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

Please, always check that any website on which you are asked for financial or payment information in relation to our reservations or services is in fact legitimately owned or operated by Verofax. The risk of impersonating hackers exists and should be taken into account when using our facilities and/or Services.

If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately (privacy@localhost). Please also immediately notify us (privacy@localhost) if you become aware of any unauthorised access to or use of your User account. 

Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your data, please accept that you play a vital role in protecting your own Personal Data, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third-parties. 

Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including: email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us (privacy@localhost). 

Lastly, please note that should your Personal Data be breached and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights . In the unlikely event of a breach occurring, please reach out to us at privacy@localhost for further information and for further advise on how to mitigate the potential adverse effects of such a breach

We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of User data.

GENERAL

In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally. 

We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.

If you choose to restrict the collection or use of your confidential and personal information, please elect the option stated as “Do Not Proceed & Exit Our Website”.

CONTACTING US 

If you have any questions about our Privacy Policy as outlined above, or if you have any complaints, please contact us (privacy@localhost).

If you have any queries or issues pertaining to your information or our privacy policy or Personal Data, then please do write to us at any time by emailing Verofax via privacy@localhost or info@localhost

***