United Arab Emirates
About Us Advertise with Us Contact Us

UAE PDPL

Overview of compliance with the UAE Personal Data Protection Law.

1. UAE PDPL Overview

The UAE Personal Data Protection Law (PDPL) is the United Arab Emirates' comprehensive personal data protection regulation. It applies to organizations processing personal data within the UAE. HAI UAE fully complies with PDPL requirements.

2. Our PDPL Commitment

HAI UAE is committed to:

  • Processing personal data lawfully and fairly
  • Collecting data only for clear and specified purposes
  • Ensuring data accuracy and completeness
  • Maintaining confidentiality and security
  • Respecting individual privacy rights
  • Operating transparently in data handling

3. Data Subject Rights

3.1 Right to Know

You have the right to:

  • Know what personal data we have about you
  • Understand purposes of data collection and processing
  • Know who has access to your data
  • Request this information in writing
  • Receive response within 30 days

3.2 Right of Access

You can request:

  • A copy of your personal data
  • Information in clear, understandable language
  • Access at no cost (usually)
  • Access in reasonable frequency

3.3 Right to Correction

You may request:

  • Correction of inaccurate data
  • Completion of incomplete data
  • Updates to outdated information
  • Verification of accuracy

3.4 Right to Erasure

You can request deletion of personal data if:

  • No longer necessary for original purposes
  • Unlawfully processed
  • No legal basis for retention
  • Exception: Legal obligations requiring retention

3.5 Right to Object

You may object to processing when:

  • Processing violates your rights
  • Causing you harm or damage
  • Infringing upon privacy

3.6 Right to Restrict Processing

You can request limitation of data processing:

  • During disputes about accuracy
  • When processing is unlawful
  • When data is no longer needed for original purpose

4. Personal Data Categories

The PDPL defines personal data as any information relating to an identified or identifiable natural person:

  • Name and contact information (email, phone, address)
  • Identity verification data (ID number, passport)
  • Financial information (bank accounts, payment methods)
  • Employment data (position, organization)
  • Biometric data (fingerprints, facial recognition)
  • Health and medical information
  • Online identifiers (IP address, cookies)
  • Location data
  • Sensitive personal data (race, religion, political affiliation)

5. Sensitive Personal Data

We handle sensitive data with heightened protection:

  • Biometric data: Extra security measures
  • Health data: Restricted access and processing
  • Financial data: Encryption and secure storage
  • Processing only with explicit consent (where required)
  • Minimal retention periods

6. Legal Basis for Processing

HAI UAE processes personal data only based on:

  • Explicit Consent: You've given clear, informed permission
  • Contract: Processing necessary to fulfill our service agreement
  • Legal Obligation: Required by UAE law or regulation
  • Vital Interest: Protection of health and life
  • Public Task: Official authority of a federal agency
  • Legitimate Interest: Our business operations (when outweighing individual rights)

7. Data Collection Standards

We collect personal data only when:

  • Necessary for stated purposes
  • Collected fairly and transparently
  • Limited to what's essential
  • Relevant and not excessive
  • Kept accurate and up-to-date

8. Data Retention

We retain personal data only as long as necessary:

  • Account information: Duration of account + 2 years
  • Transaction records: 7 years (legal requirement)
  • Communication data: 3 years after last contact
  • Marketing data: Until withdrawal of consent
  • Support records: 3 years after resolution

9. Data Security

HAI UAE implements security measures to protect personal data:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Control: Limited access to authorized personnel only
  • Authentication: Strong password policies and 2FA
  • Infrastructure: Secure servers and firewalls
  • Monitoring: Continuous security monitoring and audits
  • Training: Employee data protection training

10. Sub-processors and Third Parties

When processing with third parties:

  • Contracts in place protecting your data
  • Third parties bound by same PDPL obligations
  • Sub-processor list available upon request
  • You can request information about third-party processors

11. Data Breach Notification

In case of unauthorized data access:

  • We notify affected individuals immediately
  • We notify PDPL Authority within required timeframe
  • We explain nature, scope, and consequences of breach
  • We provide steps to mitigate effects
  • We document all breach information

12. Submitting a PDPL Request

12.1 How to Submit

  • Email: hello@haiuae.com
  • Online Portal: Privacy center in account settings
  • By Mail: Formal written request to our registered address

12.2 Request Information

  • Your full name and contact information
  • Identification proof (copy of ID)
  • Type of request (access, correction, deletion, etc.)
  • Specific details about your request

12.3 Response Timeline

  • Acknowledgment: Within 5 business days
  • Response: Within 30 days of receipt
  • Extension: Additional 30days for complex requests

13. International Transfers

If we transfer data outside the UAE:

  • Recipient country has equivalent protection level
  • PDPL Authority approval obtained if required
  • Explicit contracts protect your data
  • You can request information about transfers

14. Children's Data

Regarding minors (persons under 18):

  • Services are not directed to children under 13
  • We do not knowingly collect data from children
  • Parents can request deletion of minor's data
  • Minors can exercise rights through guardian

15. PDPL Authority

The PDPL Authority oversees compliance in the UAE:

  • Website: PDPL Authority official website
  • Complaint Process: File complaints for PDPL violations
  • Cooperation: We cooperate fully with PDPL Authority investigations

16. Data Protection Officer Contact

HAI UAE has appointed a Data Protection Officer:

  • Email: dpo@haiuae.com
  • Phone: Available during business hours
  • Address: Dubai, UAE

17. Complaint and Dispute Resolution

If you believe your PDPL rights have been violated:

  1. Contact us first: privacy@haiuae.com
  2. Provide details of violation and desired resolution
  3. We respond within 30 days
  4. If unsatisfied, lodge complaint with PDPL Authority

18. Updates to This Policy

We may update this policy to reflect:

  • Changes in PDPL Law
  • Updated data practices
  • Organizational changes
  • Notification: At least 30 days' notice for material changes

19. Contact Information

For PDPL-related inquiries and requests:

  • PDPL Inquiries: hello@haiuae.com
  • Data Protection Officer: hello@haiuae.com
  • General Privacy: hello@haiuae.com
  • Business Hours: Sunday - Thursday, 9 AM - 6 PM UAE Time

Last updated: 25 May 2026

Other Legal Information

→ Terms of Service → Privacy Policy → Cookies Policy → Refund Policy → Accessibility → Security → GDPR → CCPA → UAE PDPL