PRIVACY POLICY
How we keep your data safe and protected
Scope of policy
Qudrat Group adheres to the Personal Data Protection Law, Federal Decree Law No. 45 of 2021 about Protection of Personal Data addressing confidentiality of information and protection of the privacy of individuals in the UAE and outside it.
The Policy applies to all Qudrat Group internal and external stakeholders including staff, clients, suppliers, visitors to Qudrat Group website anywhere in the world from the start of the relationship with Qudrat and after the end of the relationship.
This Policy applies to all data collected, stored and processed by Qudrat Group. Personal data is any information relating to a natural person who is or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This can include in particular:
Qudrat Group adheres to the Personal Data Protection Law, Federal Decree Law No. 45 of 2021 about Protection of Personal Data addressing confidentiality of information and protection of the privacy of individuals in the UAE and outside it.
The Policy applies to all Qudrat Group internal and external stakeholders including staff, clients, suppliers, visitors to Qudrat Group website anywhere in the world from the start of the relationship with Qudrat and after the end of the relationship.
This Policy applies to all data collected, stored and processed by Qudrat Group. Personal data is any information relating to a natural person who is or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This can include in particular:
- Name
- Physical address
- Email address
- Telephone number
- Passport or ID card
- Date of birth
- Fingerprints
Principles of processing personal data
- All data shall be up-to-date, complete and accurate, otherwise data shall be deleted.
- The data shall only be collected in a fair and legal manner.
- The data shall only be collected to the extent that is required for the intended purpose.
- Data shall only be collected and processed upon consent provided by the individual whose data is being collected and processed.
- The data shall be collected for a specific purpose that has been defined prior to data collection.
- The data subject shall be informed how the data is to be used and managed.
- The data shall only be collected directly from the subject.
- Personal data shall be retained for a period that is necessary and no longer.
- In some cases, data maybe be kept on file for longer periods if there is sufficient reason to do so and, in such cases, data shall be kept in line with the above principles until it is decided to delete the data.
- All personal data shall be treated as strictly confidential, shall not be shared with third parties and shall be secure from loss or damage and access to it shall be limited to authorised individuals.
Personal data collection and processing
Qudrat Group shall only collect data to perform its duties before staff and partners. In accordance with legislation, Qudrat Group can process personal information, so long as there are grounds to do so and this must be disclosed to the data subject. The following processing conditions shall apply to personal data:
Any unauthorised collection, processing, storage of personal data is strictly prohibited. Any data collected, processed, stored by Qudrat Group staff that was not authorized as part of his/her duties or does not comply with the above principles of personal data processing shall be deemed unauthorized.
Qudrat Group staff are prohibited from using personal data for commercial and private purposes, disclose it to unauthorised individuals and third parties inside and outside Qudrat Group.
Qudrat Group does not publish personal data in the public domain without the consent of the individual concerned.
In some cases, the personal data that Qudrat Group collects will also include special categories of data, such as diversity related information (including data about racial and ethnic origin, political opinions, religious beliefs and other beliefs of a similar nature, trade union membership and data about sexual life and sexual orientation), or health data and data about alleged or proven criminal offences in each case where permitted by law.
Qudrat Group shall only collect data to perform its duties before staff and partners. In accordance with legislation, Qudrat Group can process personal information, so long as there are grounds to do so and this must be disclosed to the data subject. The following processing conditions shall apply to personal data:
- Counterparty due diligence where procedures are required to be performed in order to evaluate the risks of engaging with a counterparty, performing services for the counterparty and receive services from a counterparty;
- Performance of a contract and fulfilment of obligations under a contract;
- In order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
- As part of subscriptions to newsletters and news/update mailings;
- As part of submission of feedback, requests, queries and job applications via Qudrat Group website, email or in hard copy;
- For the purposes of processing incidents reported by internal and external stakeholders;
- Collection of research data through surveys, questionnaires and other forms of data collection for the purposes of developed an anonymised research output;
- Administration tasks such as talent recruitment, staff travel and visa arrangements;
- Personal data shall be processed where it is in Qudrat Group’s legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh interests of the data subjects;
- Explicit consent given by the data subject. In such instances specific permission to process some personal information shall be requested and processed only if consent is given. The consent can be withdrawn by the data subject at any time by notifying the Qudrat Group staff who collected the information in writing.
- To offer information and/or services to individuals who visit Qudrat Group's website or offer information about employment opportunities.
- To prevent fraud or criminal activity and to safeguard Qudrat Group's IT systems.
- To customise individuals’ online experience and improve the performance usability and effectiveness of Qudrat Group’s online presence.
- To conduct, and to analyse, Qudrat Group's marketing activities.
- To meet Qudrat Group’s corporate and social responsibility obligations.
- To exercise fundamental rights including the freedom to conduct a business and right to property.
Any unauthorised collection, processing, storage of personal data is strictly prohibited. Any data collected, processed, stored by Qudrat Group staff that was not authorized as part of his/her duties or does not comply with the above principles of personal data processing shall be deemed unauthorized.
Qudrat Group staff are prohibited from using personal data for commercial and private purposes, disclose it to unauthorised individuals and third parties inside and outside Qudrat Group.
Qudrat Group does not publish personal data in the public domain without the consent of the individual concerned.
In some cases, the personal data that Qudrat Group collects will also include special categories of data, such as diversity related information (including data about racial and ethnic origin, political opinions, religious beliefs and other beliefs of a similar nature, trade union membership and data about sexual life and sexual orientation), or health data and data about alleged or proven criminal offences in each case where permitted by law.
Data security
Qudrat Group makes reasonable effort to ensure that data is protected from unauthorized loss, misuse, alteration, or destruction. However, despite best efforts, data security cannot be guaranteed against all possible threats. To the best of our ability access to data shall be limited to authorised persons only and confidentiality shall be preserved by those individuals.
Transfer of personal data
Any transfer of personal data outside Qudrat Group shall be conducted with the written consent of the data subject. Upon receipt of consent from the data subject, data shall be transferred only to entities and jurisdictions which have implemented high quality data protection internal policies and legislation, respectively. The recipient of the data shall agree to the data protection practices which are at least equivalent or better than the provisions of this Policy.
Personal data shall be transferred in cases where this is required by legislation. Data subject’s interests shall be protected to the extent possible in the context of legal requirements to obtain, process, transfer, disclose and store data.
Rights of individuals
- Access - the right to obtain information on the categories of personal data being processed, the purpose of the processing, the decisions made upon automated processing, entities with whom the personal data is shared.
- Data portability - the right to receive personal data in a structured and machine-readable format.
- Rectification and erasure - the right to rectify inaccurate personal data and the right to delete personal data and be forgotten.
- Restriction of processing - the right to restrict and stop the processing of data where it is inaccurate or there is an objection to the purpose of the processing.
- Processing - the right to object to automated decisions made by automated processing of personal data.
Any questions or queries regarding this Policy and its provisions shall be directed to team@qudratgroup.com.
T: +971 123 456 789 / +971 123 456 789
E: team@qudratgroup.com
Business hours: 24/7
E: team@qudratgroup.com
Business hours: 24/7
