Privacy Policy

1. Agreement To Our Privacy Policy

  • This privacy policy (Privacy Policy or Policy) together with our Terms of Use (“Terms”) and all other terms, conditions and policies published on the Platform (as defined below), govern your access to and use of the Platform. By using the Platform, you agree to be bound by these policies, which supplement and are incorporated into our Terms. This Policy does not intend to override the Terms. Any terms, words, phrases which are not defined in the Policy shall have the same meanings as ascribed to them in the Terms.

 

  • When you visit our website, pages, features, mobile applications, API and or other products and services (“Platform”), and more generally use or participate in any of our Services through our Platform, we appreciate you trusting us with your personal information. Personal information includes any information which may, by itself, or in collaboration with other information be able to identify you. We take your privacy very seriously; and so this Policy as amended from time to time sets out how Exafy Holdings Ltd (Company, we, us or our) collects, processes, uses, maintains, stores, transfers, discloses, erases or destroys your confidential and personally identifiable user data, obtained from and through the Platform and related services offerings, via the Platform. The specific data points which we collect from you are explained below in this Policy. We are committed to protecting your (user, you or your) personal information and right to privacy.

 

  • By opening an account with Exafy Holdings Ltd and/or using our services and Platform, you acknowledge that you accept terms of this Privacy Policy. We encourage you to read this Policy carefully before proceeding further as it forms part of our Terms, available at https://exafy.io/terms-of-use.

2. Changes To This Privacy Policy

  • This Policy has been prepared in accordance with the ADGM Data Protection Regulations 2021 as well as all applicable UAE regulations, guidance and international best practices.

 

  • From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal data collection and usage practices, the features of our Platform, or certain advances in technology, or if so directed by the concerned regulators. If any material changes are made to this Policy, the changes may be prominently posted on the relevant or affected Platform. However, this is not obligatory for us; the onus is on you to occasionally familiarize yourself with the contents of this Policy, for your own information; and particularly to do so every time you access our Platforms or make use of our services.

 

  • Changes to this Policy are effective when they are published.

3. Data Processing Principles Followed

Users’ data collected and processed is done so in accordance with the relevant principles, including: lawfulness, fairness and transparency; for specific and clear purpose, purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security) and accountability; with all relevant laws and regulations considered; and however applicable.

4. Consent For Legal Obligations And Legitimate Interests

  • You provide consent to your personal data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any services to you; or to take steps at your request prior to entering into a contract with you; or for our legitimate interests to protect our property, rights or safety of either the Company, its users, customers, clients, other persons or other entities.

 

  • The specific data points which we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such data, and how long we retain such data is explained individually and specifically for your precise, informed and unambiguous consent below in this Policy.

5. The Data We Collect

The information you provide, or which we obtain from other sources will be used by us, in accordance with this Policy, read in conjunction with our other policies and the applicable laws. The description below specifies which data points we collect, by what method and for what purposes.

What Data We Collect

  • First name;
  • Family name (including any personal information about your race or ethnicity, religious or philosophical beliefs, political opinions, gender, trade union membership, information which may be revealed from the same);
  • Phone number;
  • Information from linked accounts used to register an Account (including but not limited to, device or advertising identifiers, usernames, and similar identifiers linkable to a browser, device or account, which does not directly identify you); and
  • Personal information supplied by third-party entities (including governmental authorized entities, mandated entities or other users) and service providers / agents in the outsourcing our services, including, but not limited to third party identity verification sources and services.

How We Collect Data

  • Users provide it directly to us when the users register for an Account.
  • We collect it from third party partners who have your consent to provide us this data, and if you have given us consent to collect such data.
  • We will gather information from third parties and service providers who you have authorized to collect, process and share your personal information.

Why We Collect Data

  • Entering into and fulfilling our obligations under your contract with Platform, including in conjunction with personal information collected from authorized third parties.
  • Protecting our legitimate interests, where our doing so will not unduly affect your rights.
  • Facilitating the Account creation and management of Accounts, such as the communication of a one-time password (OTP) to verify the ownership of the e-mail address or the mobile number provided when your Account is created.
  • Sending administrative information/ provide administrative support related to user activity, sent via e-mail or WhatsApp.
  • Requesting feedback on and respond to inquiries regarding our Platforms.
  • Responding to enquiries/ customer support.
  • Marketing and promotional communications.
  • Administering rewards, pay-outs and conducting contests.
  • Facilitating necessary agreements / partnerships with third party providers to continue providing the services.
  • Notifying you about important changes or updates to the services.
  • Contacting your over call or through messaging services.
  • Effectively conducting internal compliance checks and external compliance checks by certified vendors (where applicable).
  • Processing your payment if you make purchases.
  • Fulfilling and manage users order (payments, returns and exchanges).
  • Rectifying any errors that you face when trying to access our services.
  • Maintaining security and operation of the Platforms.
  • Improving the quality of your user experience when you interact with the services.
  • Internal record keeping, analytics and reporting purposes.
  • Analyzing trends; to operate, administer and maintain the facilities; track users’ movements and activity around and within the Platform; gather demographic information about our user base as a whole, and better tailor our Platforms to our users’ needs.
  • Logging and using service-related diagnostic, usage and performance information on Platform’s servers.
  • Legal and regulatory compliance.
  • Facilitating the Account creation and management of Accounts.
  • Protecting our legitimate interests where our doing so will not unduly affect your rights.
  • As part of our analytics which will help us improve your overall service and experience.
  • Legal and regulatory compliance.
  • Certain Services, such as one-time passcode (OTP) authentication may require collection, use, processing, transfer and storage of your phone number and possibly other data. We may associate that phone number to your mobile device identification information.

 

  • You undertake that all personal information provided to us by you is true, complete and accurate and you must notify us of any changes to such personal information.

 

  • We do not collect data about actual or alleged criminal offences.

 

6. We Process And Use Aggregated, Anonymized And Deidentified Data

  • We may also create, process, collect, use and share aggregated, anonymized or de-identified data such as statistical or demographic data for any purpose which may be derived from your personal data. We may use this data to comply with legal or regulatory obligations. 

 

  • We may share your data with members of our group, service providers and our key partners. Some of these third parties may be in a jurisdiction outside the laws as stated in this Policy, in which case we will take all necessary steps to ensure that your personal information is treated securely and that such transfers are permitted under the applicable data protection laws. 

 

  • We may also use any or all of the personal information above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorized payments), and to enforce our Terms or any other contract to which we may be a party to. 

 

7. Cookie Policy

  • We may use cookies and similar technologies that automatically collect certain information from your browser or device when you visit our website, read our emails, use our Service or otherwise engage with us.

 

  • COOKIES – A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere in your hard drive. We use cookies, web beacons, log files, and a variety of similar technologies (collectively, “cookies”) to collect information from your browser or device. These technologies collect information about how you use the Service (e.g., the pages you view, the links you click, and other actions you take on the Service), information about your browser and online usage patterns (e.g., Internet Protocol (“IP”) address, browser type, browser language, referring / exit pages and URLs, pages viewed, whether you opened an email, links clicked), and information about the device(s) you use to access the Service (e.g., mobile device identifier, mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and whether you access the Service from multiple devices).

 

  • WHY WE USE COOKIES – We may use the information collected through these technologies to better display our website, to save you time, to provide better technical support, for promotional purposes, and to measure and analyze website usage.

 

  • TYPES OF COOKIES: Strictly Necessary (also known as Essential or Required Cookies), Functional, Analytic and Tracking.

 

  • CHOICE OF COOKIES – You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services and features may no longer be available to you or function properly.

8. Consequences Of Your Refusal, Failure, Inability To Provide Us With Necessary Personal Information

If you fail, neglect and/or refuse to, or are unable to provide us any personal information which we necessarily need to provide you with the services or the Platform, which we need to collect by law, we may not be able to provide you services through the Platform. In this case, we have the right to discontinue the provision of the Platform to you and/or close your Account. In such a situation, we will notify you at the earliest.

9. We Do Not Collect Personal Information Of Minors Without Parental Supervision

The Platform may be available to users below the age of 18 years, but only under parental supervision. For such users, we may collect some information about the minors, but we endeavour to collect minimal personal data of such users. For users below the age of 18 years, we try, on a best effort basis to collect the information of their legal guardian for all documentation, financial, security, and other operational purposes. By using the Platforms, you represent that you are at least 18 years or that you are using this Platform under the supervision of, and under the legal liability of your legal guardian, or that you are the legal guardian of such a minor and consent to such minor dependent’s use of the Platform. If we learn that the above stipulations are not met, then we, at our discretion may deactivate your Account and take reasonable measures to promptly delete such data from our records.

10. Processing Of Personal Information Without Consent In Some Cases

We may collect and process some of your personal information without your knowledge or consent; and only where this is required or permitted by law. We may be compelled to surrender your personal information to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.

11. Collection Of Data For Market Research And Promotional Informations

  • We provided you with choices regarding the personal data we use, particularly concerning any market research and/or subsequent marketing, advertising and promotion. Towards this, we have established thesepersonal information control mechanisms:
  1. Promotional offers: We may use your personal information to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our Platforms, registering an Account, contacting us, requesting information from us, you consent to receiving marketing communications from us. We may communicate with you by e-mail, fax or telephone.
  2. Optout: You can ask us or third parties to stop sending you marketing related material and/or communications at any time by following the opt-out links on any marketing message sent to you or by contacting us.

12. Sharing Your Personal Information With Third Parties

  • We may have to share your personal information with a selected and trusted group of third party/parties to fulfil our obligations under our contract with you, to meet government, regulatory and law enforcement requests, and to continue providing you with the services. We will only disclose your personal information to third party service providers under strict terms of confidentiality. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. 

 

  • We may have to share or transfer your personal information in the specific circumstances listed below:
  1. With your consent: We will share your personal information with companies, outside organisations or individuals, if we have your consent to do so.
  2. Applicable law, government requests, etc.: Where we are legally required to do so, we may disclose your personal information to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your personal information. Additionally, we may disclose your personal information to enforce our Terms, or to protect the rights, safety, and security of the Company, our users, other persons or the public.
  3. Merger, acquisition etc.: In connection with, or during negotiations of, any merger, sale of Company assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal information may also be transferred as a business asset forming part of our good will. If another company acquires us, our business or assets, that company will possess the personal information collected by us and will assume the rights and obligations held by us regarding your personal information, as described in this Policy.
  4. Advertisements: Where we use third party advertising companies to serve ads when you visit or use the Platforms. These companies may use information about your visits to our Platforms and other Platforms that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.
  5. Affiliates: We may share your personal information with our affiliates, in which case we will require those affiliates to honor this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us – presently or in the future. We may share your information with our business partners to offer you certain products, services or promotions; and,
  6. With select third party vendors: In connection with the performance of our services, we may share your personal information with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts.

13. Links To Third-party Websites

Our Platforms or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s platform. We strongly advise you to review the privacy policy of every platform you visit. We are not responsible for the privacy policies of these third-party websites, regardless of whether they were accessed using the links from our Platform. We have no control over and assume no liability for the content, privacy policies or practices of any third-party platforms or services.

14. Your Rights Regarding Personal Information

  • Depending on your country of residence you may have certain rights. These rights may include:
  1. Right to be Informed: This means you have a right to know:
  • The identity and the contact details of the Company;
  • The purposes of the processing your personal information as well as the legal basis for the processing;
  • The legitimate interests pursued by us or by a third party who processes your personal information;
  • The recipients or categories of recipients of your personal information;
  • Our intention to transfer your personal information to a third country or international organisation and the existence or absence of an adequacy decision by the relevant supervisory authority, or where applicable, reference to the appropriate safeguards and the means to obtain their copy.
  • The period for which your personal information will be stored, or if that is not possible, the criteria used to determine that period;
  • Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obligated to provide the personal information and of the possible consequences of failure to provide such data;
  • The existence of automated decision-making, including profiling and meaningful information about the logic involved.
  • Where we intend to further process your personal information for a purpose other than that for which the personal information was collected for, we must apprise you, prior to such further processing, with information on those other purposes and with any other relevant information.

2. Right of Access: This is your right to see what personal information is held about you by us. Particularly you have the right to:

  • Receive confirmation as to whether or not your personal information is being processed;
  • Access your personal information which we are processing along with the purposes of processing; the categories of personal information being processed; the recipients or categories of recipient to whom the personal information has been or will be disclosed; the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period; where the personal information are not collected from you, any available information as to their source.
  • Where your personal information is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer;
  • A copy of your personal information being processed; and
  • Any further copies requested by you, upon paying a reasonable fee.

3. Right to Correction: This is your right to have your personal information corrected, rectified or amended, if what is held by us or a third party onboarded by us is incorrect/ inaccurate in some way.

4. Right to Erasure: This is your right, under certain circumstances to ask for your personal information to be deleted. This would apply if your personal information is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where your personal information has been unlawfully processed. Once deleted all your personal data will be removed from our systems and will not be recoverable.

5. Right to Withdraw Consent: If you wish for the Company to stop processing your personal information, it is your right to withdraw consent at any time, preventing the Company from further processing the same personal information.

6. Right to Restrict Processing: This is your right to ask for a temporary halt or pause in processing your personal data, such as in the case where a dispute or legal case must be concluded, or the data is being corrected.

7. Right to Data Portability: This is your right to ask for your personal information supplied directly to us, which we have processed pursuant to your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.

8. Right to Object: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing.

9. Rights in Relation to Automated Decision Making and Profiling: This is your right not to be subject to a decision based solely on automated processing.

  • Please note that whether or not you have these rights will depend on the domestic data protection laws of your country. You may want to consult with a legal advisor to better understand your personal data related rights in your jurisdiction.

 

  • We aim to respond to all legitimate requests without undue delay and within 2 calendar monthsof receipt of any request from you. Occasionally it may take us longer than 2calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

 

  • If you have any of these rights under your domestic data protection laws and wish to exercise any of them, please contact us at hello@exafy.io. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.

15. How To Update Your Information

Whenever possible, you can update your personal information, subject to verification by us. If you wish for us to update your personal information, please contact us at hello@exafy.io, or proceed to amend the same in your Account on the Platform. We will retain your personal information for as long as your Account has not been closed or as may be needed to provide you access to your Account and/or services, and in compliance with the law.

16. Retention Of Data

  • We retain information on your behalf, including customer data, transactional data and other session data, linked to your Account. Should any further information be required, please contact us at hello@exafy.io.

 

  • Your personal information will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of using the Platform, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Unless required for any of the purposes specified above, we will delete personal information related to closed Accounts every 12 calendar months.

 

  • To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

  • When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

17. Storage Andtransfer Of Data

  • Your personal information is stored and transferred in compliance with the applicable legislations or regulations of UAE and ADGM.

 

  • Some of the international organisations and countries to which your personal informationmay be transferred do not benefit from an appropriate data protection regulatory framework. For such international organisations and countries, we shall transfer your personal information, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries.

18. How To Close Your User Account

If you wish to close your Account, please use the relevant option within your Account on the Platform. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms available at Terms of Use webpage.

19. Security Precautions And Measures For Protection Of Your Personal Data

  • We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal information.

 

  • Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security.

 

  • Your personal information is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

 

  • No guarantee:
  • Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information.
  • Without prejudice to our efforts on protection of your data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.
  • Please note, that we do not guarantee that your data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
  • Please, always check that any website on which you are asked for financial or payment information in relation to our Platform is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform.
  • If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at hello@exafy.io. Please also immediately notify us at hello@exafy.io if you become aware of any unauthorized access to or use of your Account.
  • Since we cannot guarantee against any loss, misuse, unauthorized acquisition, or alteration of your data, please take the necessary steps to protect your own personal information, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third parties.
  • Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including: email, phone, over-the-top (“OTT”) messaging services or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us hello@exafy.io.
  • Should your personal information be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at hello@exafy.io for further information and for further advise on how to mitigate the potential adverse effects of such a breach.
  • We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of your data.

20. General

  • In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.

 

  • We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.

 

  • If you choose to restrict the collection or use of your confidential and personal information, please stop using the Platform immediately.

21. Contacting Us

  • If you have any questions about our Policy as outlined above, or if you have any complaints, please contact us at hello@exafy.io.

 

  • If you have any queries or issues pertaining to your information or our Policy or personal information, then please do write to us at any time by emailing us via hello@exafy.io.