Privacy Policy

Scope

CMA respects the privacy of the Website users and highly values their trust in it. In this Privacy Policy, we explain how we collect, use, disclose, and protect your information when you visit the Website and customer portal. This policy might change at any time and for any reason.

We advise you to periodically check and review this page to stay informed of any updates. Using the Website and application means your acceptance and adherence to our Privacy Policy.

This Privacy Policy:

  • Explains our approach to processing any personal data that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal data;

  • Informs you of the nature of the personal data about you that is processed by CMA and what your rights are in relation to it; and

  • Only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their services.

Personal data and Processing

The term “Personal Data” means any data relating to an identified natural person, or one who can be identified directly or indirectly by way of linking data, including by using identifiers such as their name, identification number, image or geographic location amongst other things.
When we use the term "processing" we mean any operation or set of operations which is performed on personal data, including for example, its collection, storage, organisation, adaptation, circulation, modification, retrieval, exchange, use, classification, disclosure or deletion.

Data Collection

When you browse, read pages, or download information from the Website, we automatically gather and store certain information about your visit. This information is used for statistical purposes only and covers the below:

  • The IP address and geolocation to identify the country from where you are accessing the Website or customer portal.

  • Personal identifying information such as name, contact details, if provided by the user.

  • The name of the top-level domain from which you access the Internet (for example: .ae, .com, etc).

  • The type of browser you use.

  • The timestamp of your site access.

  • The pages you access.

  • The documents you have downloaded and the previous internet address from which you came directly to the site.

We will also collect data that you provide to us directly through the submission of documents and information as part of a request for services, for example documents you submit as part of a license application.

We do not collect this data for commercial or marketing purposes, and CMA does not sell, exchange or otherwise distribute the data collected for any commercial or marketing purposes.

We sometimes conduct online surveys to gather users’ feedback for research and service improvement purposes. Participation in these surveys is optional and not mandatory

Use and Disclosure of Personal Information

You can browse and access information on the Website without providing any personal details, whether directly identifying or reasonably inferable. If you choose to provide personal information, such as for accessing CMA services, new company/freelancer registration, or through contact forms, this data will be stored on our servers if necessary for logging and service tracking purposes.

CMA might share this information only with twofour54 or other government entities and use it to update you on the status of your service transactions or to assess your feedback for improving the quality of the services.

Under the Data Protection Law, we rely on various legal bases to process
your personal data lawfully. In some cases, multiple legal bases may apply.
The table below outlines the applicable legal bases and explains their
meaning:

Legal basis Ground for processing Explanation
Contract If the processing is
necessary to perform a
contract to which you are a
party or to take, at your
request, procedures for
concluding, amending or
terminating a contract.		 This would cover any
contractual duties and/or
exercising our
contractual rights under
your contract with us.
Legal Obligation If the processing is
necessary to fulfill
obligations imposed by
applicable law.		 Ensuring we perform our
legal and regulatory
obligations, such as our
audit requirements.
Consent You have given specific
consent to the processing
of your Personal Data.		 This consent must be
provided in a clear,
simple, unambiguous
and easily accessible
manner. You also have
the right to withdraw your
consent at any time.
Legal
Proceedings		 If the processing is
necessary to defend
against any action to claim
rights or legal proceedings.		 This covers instances
where we may be in
dispute with you or a
third-party.

Purposes for processing personal data

We have outlined the legal bases for processing your personal data. Below
are examples of the specific purposes for which your personal data may be
processed:

Purpose Examples of personal data Legal basis
To comply with
applicable laws i.e.,
audit requirements		 Personal identifying
information		 Legal Obligation
To process your
request for services		 Personal identifying
information		 Consent

Cookies

CMA website uses "persistent cookies" for any personalised content.

  • Personalised content: is the content from the Website, which is delivered to a browser after a user has logged in once.

  • Cookies are text files, or entries in larger files, utilised to distinguish between visitors to the Website, and to track information during multiple visits to the Website.

The use of cookies is a standard practice among Internet portals and websites. Most Internet web browsers may be customised to reject cookies, to only accept or reject cookies by user intervention, or to delete cookies. Rejecting and/or removing cookies, however, may lead to the loss of functionality on those pages requiring cookies to function fully.

The Website uses cookies to:

  • Help you navigate our website.

  • Facilitate the sign up and sign in process for our services.

  • Personalise your experience on our Website.

External Links

The Website and customer portal contains links that redirect the user to external websites. CMA will not be responsible for the content and the privacy practices of other websites, and we encourage you to examine each website's privacy policy and make your own decisions regarding the accuracy, reliability and correctness of material and information found.

Retention of personal data

While there is no fixed retention period for your Personal Data, we will not retain it longer than necessary for the purpose for which it was collected. After this period, we will evaluate its relevance to our business needs and consider any applicable statutory limitation periods to determine whether further retention is required.

Security

CMA has appropriate security measures in place to protect against the loss, misuse or alteration of information that has been posted. These measures cover commercial software programmes and secure technology infrastructure to monitor network traffic, authenticate legitimate users and identify unauthorised attempts to upload or change information, or otherwise cause damage.

Access, Correction and Deletion of Information

CMA will provide authenticated individuals with the personal information that has been collected on them upon request. Individuals are encouraged to correct any errors in their personal information so that the right level of interaction with the Website and customer portal is maintained.

CMA Social Media Channels

CMA uses social media to share information and engage with the public. Information related to events and achievements is posted on the platform’s social media accounts.

Please be aware that the privacy policies adopted by social media platforms may differ from this Privacy Policy. Therefore, we advise you to review the privacy policy of each individual platform.

Data Subject Rights

Under the Data Protection Law, you have a number of rights that can be exercised, subject to certain limitations. Below we have outlined the rights available to you under the Data Protection Law. Should you wish to exercise any of these rights, please contact [email protected] .

  • The right to correction – any personal data that you identify as inaccurate, you have the right to request that it is corrected.

  • The right to erasure – you may request the erasure of your personal data if it is no longer required for the original purpose, if you withdraw your consent, if you object to the processing and we have no legitimate reason to continue, or the processing is in violation of an applicable law.

  • The right to restrict processing – you have the right to restrict the processing of your personal data if the data is inaccurate, it is contrary to the original purpose or is carried out in violation of an applicable law.

  • The right to stop processing – you shall have the right to object to the processing of your personal data and stop it if the processing relates to direct marketing, conducting statistical surveys or the processing is unlawful.

Complaints

Please be advised that you have the right to lodge a complaint with the UAE Data Office is you are dissatisfied with any of our responses or believe we are processing data unlawfully.