Privacy Policy

1. Introduction

Signature Racking Systems F.Z.C ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you interact with us, whether through our website, digital platforms, or offline services.

We process your personal data in compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations, alongside any other applicable UAE laws. Our solutions serve clients across Ajman, Dubai, Sharjah, and all UAE Free Zones.

2. Personal Data

We may collect the following categories of personal data:

• Contact Details: Full name, business name, job title, phone number, email, physical address
• Company & Project Information: Site plans, designs, technical specifications, usage data
• Billing & Transaction Data: Purchase history, VAT registration, payment details
• Online Identifiers: IP address, browser type, cookies, device IDs
• Marketing Preferences & Correspondence Records

3. Data Collection

We collect data through:

• Website forms and live chat for quotations and inquiries
• Request for proposals and tender submissions
• Customer onboarding and site visits for racking system installations
• Third-party platforms (CRM, marketing tools, invoicing software)
• Cookies and analytics tools (e.g., Google Analytics, Zoho Analytics)
• Trade shows and industry events across UAE

4. Data Usage / Processing

Your data is processed to:

• Provide quotations, proposals, and technical support for our storage solutions
• Fulfill contractual obligations for racking system installation and maintenance
• Deliver newsletters, product updates, and promotional offers
• Enhance website functionality and user experience
• Comply with legal obligations (e.g., VAT registration, audits)
• Improve our products and services based on customer usage patterns

5. Data Retention

We retain personal data only as long as necessary for the purpose collected, including:

• Legal and tax compliance requirements under UAE law
• Warranty or contractual obligations for our racking systems
• Business analysis and reporting for service improvement
• Ongoing customer relationships and support needs

You may request deletion by contacting our DPO, subject to legal requirements.

6. Data Sharing / Disclosure

We may share your data with:

• Service providers (hosting, logistics, marketing, CRM platforms like Zoho)
• Financial institutions and payment processors for transaction processing
• Auditors, legal advisors, and regulatory authorities as required by law
• International affiliates or subsidiaries where applicable for global projects

All third parties are contractually required to protect your personal data and process it in line with PDPL requirements.

7. Third Parties

We may engage with third parties in the following categories:

• Payment processing services for secure transactions
• Cloud storage providers for data hosting
• Marketing and analytics platforms for service improvement
• Logistics partners for equipment delivery and installation

These parties are carefully vetted for compliance with data protection standards.

8. Service Providers / Contractors

We work with service providers and contractors who may process personal data on our behalf:

• IT service providers for system maintenance
• Installation teams for racking system implementation
• Customer support providers for ongoing service
• Marketing agencies for promotional activities

All contractors are bound by strict confidentiality agreements and data processing addendums.

9. Cookies and Tracking Technologies

We use cookies to enhance website functionality, analyze performance, and provide personalized advertising. Our website utilizes:

• Essential Cookies: Required for basic website functionality
• Analytical Cookies: Help us understand how visitors interact with our site
• Marketing Cookies: Used to track visitors across websites for relevant advertising

You can manage cookies via your browser settings or our website cookie banner.

10. Security Measures

We implement robust technical and organizational measures, including:

• SSL encryption for website transactions
• Multi-factor authentication for internal systems
• Role-based access restrictions to sensitive data
• Routine audits and vulnerability assessments
• Employee training on data protection best practices
• Secure facility access controls for physical data

11. User Consent

We obtain consent for data processing activities where required by law. Consent is:

• Freely given, specific, informed, and unambiguous
• Obtained through clear affirmative action
• Documented for our records
• As easy to withdraw as it is to give

For marketing communications, we rely on opt-in consent as required by UAE regulations.

12. Rights of Data Subjects

Under the UAE PDPL, you have the following rights:

• Right to be informed about how your data is being used
• Right to access your personal data
• Right to correction of inaccurate or incomplete data
• Right to erasure of your data (right to be forgotten)
• Right to restrict processing of your data
• Right to data portability
• Right to object to processing
• Rights in relation to automated decision making and profiling

13. Access, Correction, Deletion

You may request to access, correct, or delete your personal data by:

1. Submitting a written request to our Data Protection Officer
2. Providing sufficient information to identify you and process your request
3. Specifying the action you would like us to take

We will respond to your request within the timeframes stipulated by UAE PDPL, typically within 30 days.

14. Data Portability

Where technically feasible, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

This right applies to:

• Personal data you have provided to us
• Data processed based on your consent or for performance of a contract
• Data processed by automated means

15. Data Transfer Outside UAE

Your personal data is stored and processed on servers within the UAE. We will only transfer your data outside the UAE if:

• The recipient country has an adequate level of protection recognized by UAE authorities; or
• Appropriate safeguards (e.g., standard contractual clauses) approved under the PDPL are in place; or
• The transfer is necessary for specific situations such as performance of a contract

16. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

• Contractual Necessity: Required to perform or manage our contractual obligations
• Consent: For marketing communications or optional services/cookies
• Legitimate Interests: For business development, website improvement, or fraud prevention
• Legal Obligations: Compliance with UAE laws, regulations, and government requests

17. Regulatory Compliance (e.g. UAE PDPL, GDPR)

Our privacy practices align with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and respect principles of the EU's General Data Protection Regulation (GDPR) where applicable to international clients.

We adhere to data protection principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Our compliance framework includes:

• Regular privacy impact assessments
• Data protection by design and by default
• Maintenance of processing records
• Appointment of a Data Protection Officer

18. Minors / Children

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors.

If we become aware that we have collected personal data from a minor without verification of parental consent, we take steps to remove that information from our servers.

If you believe that we might have any information from or about a minor, please contact our Data Protection Officer immediately.

19. Marketing Communications

We may use your personal data to send you marketing communications about:

• New racking system products and solutions
• Special offers and promotions
• Industry events and webinars
• Company news and updates

We will only send you marketing communications if you have consented to receive them or where we have a legitimate interest to do so in compliance with applicable laws.

20. Opt-Out / Unsubscribe

You can opt-out of marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Contacting our Data Protection Officer
• Updating your preferences in your account settings (if available)

Once you opt-out, we will cease sending you marketing communications as soon as technically feasible.

21. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact our Data Protection Officer first so we can attempt to resolve the issue.

You have the right to lodge a complaint with the UAE Data Office if you believe our processing of your personal data violates applicable data protection laws.

The contact details for the UAE Data Office are:

22. Contact Information

For questions, complaints, or to exercise your rights, contact our Data Protection Officer:

23. Changes to the Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors.

When we make changes, we will:

• Update the "Effective Date" at the top of this policy
• Post the updated policy on our website
• For significant changes, provide additional notice such as email notification or a website banner

We encourage you to review this policy periodically to stay informed about our privacy practices.

24. Retail Customers vs. Corporate Clients

We distinguish between retail customers and corporate clients for data processing purposes:

• Retail Customers: Individuals purchasing our products for personal use. We process their data primarily based on consent and contractual necessity.
• Corporate Clients: Businesses purchasing our racking systems. We process employee data based on legitimate interests and contractual necessity, with appropriate safeguards.

Different privacy notices may apply based on the relationship context.

25. Website Usage Data / Analytics

We collect website usage data through analytics tools such as Google Analytics and Zoho Analytics to:

• Understand how visitors use our website
• Identify popular content and features
• Detect and fix technical issues
• Improve user experience and service delivery

This data is aggregated and anonymized where possible to protect individual privacy.

26. Third-Party Links

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every site you visit.

27. Data Breach Notifications

In the unlikely event of a personal data breach posing a high risk to your rights or freedoms, we will comply with PDPL requirements to notify both the relevant authority and affected individuals without undue delay.

Our breach response plan includes:

• Containment and recovery procedures
• Assessment of likely risk to individuals
• Notification to appropriate authorities within 72 hours
• Communication to affected individuals when required
• Documentation of all breaches regardless of effects

28. Automated Decision-Making / Profiling

We do not use fully automated decision-making processes that would significantly affect individuals without human intervention.

Where we use any form of automated processing (including profiling), we will:

• Inform you about the logic involved
• Explain the significance and envisaged consequences
• Implement suitable safeguards, including the right to obtain human intervention

29. Storage Location

Your personal data is stored and processed on servers located within the United Arab Emirates.

We utilize cloud storage providers that maintain UAE-based data centers to ensure compliance with local data residency requirements.

Any international transfers follow the procedures outlined in the "Data Transfer Outside UAE" section of this policy.

30. Encryption

We use industry-standard encryption technologies to protect your data:

• SSL/TLS encryption for data in transit between your browser and our servers
• AES-256 encryption for sensitive data at rest
• Encrypted backups for disaster recovery purposes
• End-to-end encryption for particularly sensitive communications

Our encryption protocols are regularly reviewed and updated to address emerging security threats.

31. Cookies Preferences

We provide you with control over your cookie preferences through:

• A cookie consent banner upon first visit to our website
• Granular controls for different cookie categories
• Ability to change preferences at any time through our cookie preference center
• Browser-based controls guidance in our help section

Your preferences are stored and respected for subsequent visits to our website.