GDPR Compliance

1. GDPR Overview

The General Data Protection Regulation (GDPR) is the European Union's comprehensive privacy law that applies to organizations processing personal data of EU/EEA residents. HAI UAE complies fully with GDPR requirements.

2. Our GDPR Commitment

HAI UAE commits to:

• Processing personal data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Maintaining data accuracy and keeping personal data up-to-date
• Retaining data only as long as necessary
• Ensuring integrity and confidentiality of personal data

3. Legal Basis for Data Processing

We process your personal data based on:

• Consent: You've explicitly agreed to data processing
• Contract: Processing necessary to fulfill our service agreement
• Legal Obligation: Required by law or regulation
• Legitimate Interest: Processing necessary for our business operations
• Vital Interest: Protection of life and health

4. Your GDPR Rights

4.1 Right to Access (Article 15)

You have the right to:

• Request a copy of all personal data HAI UAE holds about you
• Receive information about our data processing practices
• Know the purposes and legal basis for processing
• Request this at any time free of charge

4.2 Right to Rectification (Article 16)

You can:

• Request correction of inaccurate personal data
• Ask us to complete incomplete information
• Update your profile information anytime

4.3 Right to Erasure (Article 17)

You have the "right to be forgotten":

• Request deletion of your personal data
• Applicable when data is no longer necessary
• Exceptions: Legal obligations, legitimate interests
• Processing typically completed within 30 days

4.4 Right to Restrict Processing (Article 18)

You can request we limit how we use your data:

• While disputing accuracy
• When processing is unlawful but you prefer restriction
• When the data is no longer needed but you require it for legal claims

4.5 Right to Data Portability (Article 20)

You have the right to:

• Receive a copy of your data in machine-readable format
• Transmit that data to another service provider
• Applicable when processing is based on consent or contract

4.6 Right to Object (Article 21)

You can object to:

• Processing based on legitimate interests
• Direct marketing and profiling
• Automated decision-making

4.7 Rights Regarding Automated Decision-Making (Article 22)

You have the right to:

• Not be subject to decisions based solely on automated processing
• Request human review of automated decisions
• Express your views and contest automated decisions

5. Data Processing Activities

5.1 Essential Processing

• Account creation and authentication
• Service delivery and customer support
• Payment processing
• Legal and compliance obligations

5.2 Marketing and Analytics

• Email marketing (with your consent)
• Usage analytics and improvement
• Personalized recommendations
• You can opt-out anytime

6. Data Transfers Outside EU/EEA

If your data is transferred outside the EU/EEA:

• We ensure adequate safeguards are in place
• Standard Contractual Clauses (SCCs) are used
• Binding Corporate Rules (BCRs) where applicable
• You can request information about transfer mechanisms

7. Data Retention

We retain your personal data only as long as necessary:

• Account data: For duration of service + 2 years
• Transaction data: 7 years (legal requirement)
• Marketing data: Until you unsubscribe
• Support records: 3 years

8. Data Protection Officer (DPO)

HAI UAE has appointed a Data Protection Officer to oversee GDPR compliance.

• Email: hello@haiuae.com
• Phone: Available during business hours

9. Submitting a GDPR Request

To exercise your GDPR rights:

1. Email your request to: hello@haiuae.com
2. Include your full name and email address
3. Clearly state which right you're exercising
4. Provide relevant details or documents
5. We'll respond within 30 days (extendable by 60 days for complex requests)

10. Verifying Your Identity

We may request identification to verify your identity before processing requests. This protects your privacy and prevents unauthorized access to your data.

11. Right to Lodge a Complaint

If you believe your GDPR rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA):

• European Union: List of DPAs by member state
• UK: ICO Complaints

12. Sub-processors and Third Parties

We use sub-processors for specific functions:

• Payment processors (PCI compliant)
• Email service providers
• Analytics platforms
• Cloud hosting providers

All sub-processors are contractually obligated to meet GDPR standards.

13. Updates to This Policy

We may update this GDPR policy to reflect changes in law or our practices. Notification will be provided for material changes.

14. Contact Information

For GDPR-related inquiries:

• GDPR Inquiries: hello@haiuae.com
• Data Protection Officer: hello@haiuae.com
• General Privacy: hello@haiuae.com