This Privacy Policy explains how CodeCatalyst Solutions FZ-LLC ("we," "our," or "us") collects, uses, and protects your personal information in compliance with UAE laws and regulations.
1. Scope and definitions
This Policy applies to all personal data collected, processed, or stored by the Company, including but not limited to:
Personal identification data (name, email, phone, address)
Corporate and business information (company details, registration numbers)
Technical and project specifications (requirements, scope, deliverables)
Communication records (emails, calls, meetings, correspondence)
Financial and payment information (billing, transactions, invoices)
Technical data (IP addresses, cookies, usage analytics)
2. Legal basis and purpose of processing
We process your personal data based on the following legal grounds and purposes:
Contract performance: providing software-engineering services and consulting
Legal obligation: compliance with UAE and international regulations
Consent: marketing communications and service improvements
Vital interests: emergency situations and security measures
Public interest: regulatory reporting and legal proceedings
3. Data sharing and third-party disclosures
Your personal data may be disclosed to the following categories of recipients:
Sub-processors and engineering partners (under strict confidentiality and data-protection terms)
Professional service providers (legal, accounting, technical)
Regulatory authorities (as required by UAE law)
IT and security service providers (under strict data-protection terms)
We expressly prohibit the sale, rental, or commercial exploitation of your personal data. Any sharing is conducted under strict confidentiality and data-protection agreements.
4. Data security and protection measures
The Company implements comprehensive technical and organizational security measures including encryption, access controls, regular security audits, employee training, and incident-response procedures. We engineer to ISO 27001 controls and conduct regular penetration testing to ensure data-protection compliance with UAE and international standards.
5. Data retention and disposal
Personal data retention periods are determined by legal requirements, business necessity, and consent duration:
Active client data: service duration + 7 years (statutory limitation)
Marketing data: until consent withdrawal or 3 years maximum
Legal and compliance records: as required by UAE law (minimum 10 years)
Technical logs: 2 years for security and audit purposes
6. Data-subject rights and procedures
Under UAE Federal Law No. 45 of 2021, you have the following rights:
Right of access — request confirmation of data processing and copies
Right of rectification — correct inaccurate or incomplete data
Right of erasure — request deletion subject to legal obligations
Right to restrict processing — limit data use in specific circumstances
Right to data portability — receive data in a structured format
Right to object — oppose processing based on legitimate interests
Right to withdraw consent — revoke consent at any time
7. International data transfers
International data transfers — including transfers to engineering teams in the European Union — are conducted under strict safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, and binding corporate rules where applicable. We ensure compliance with both UAE and EU data-protection laws through transfer-impact assessments and ongoing monitoring.
8. Cookies and tracking technologies
We utilise essential, functional, and analytics cookies to enhance website performance and user experience. Cookie preferences can be managed through browser settings. Third-party cookies are subject to separate privacy policies and consent mechanisms.
9. Minors and vulnerable persons
Our services are strictly limited to individuals aged 18 and above. We do not knowingly collect or process personal data from minors. If we become aware of such collection, we will immediately delete the data and terminate any related services.
10. Policy updates and notifications
This Policy may be updated periodically to reflect legal changes, technological developments, or business practices. Material changes will be communicated through website updates, email notifications, or other appropriate means. Continued use of services constitutes acceptance of updated terms.
11. Contact information and complaints
For privacy-related inquiries, rights requests, or complaints, please contact our Data Protection Officer:
Email: contact@gocatalyst.ae
Response time: we will acknowledge your request within 7 business days and provide a substantive response within 30 days as required by UAE law.