Privacy Policy

Privacy Policy — Vastara Trading

Effective From: 30 Dec, 2025

Last Updated: 02 Jan, 2026

This Privacy Policy explains how Vastara Trading (“Vastara”, “we”, “us”) collects, uses, shares, and protects personal data when you use our website, contact us, or do business with us.

It is written mainly for business users: buyers, suppliers, logistics partners, and job applicants.

Who we are + scope

  • Who is responsible for your data? (Controller)
    Vastara is the “data controller” for personal data processed through this website and our related sales/support channels (unless stated otherwise in a contract).
    • Controller details:
      • Legal name: Vastara Trading Fzco
      • Address: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
      • Email: +971 524536714
    • Laws and regions
      We aim to follow the UAE’s federal privacy framework, including the UAE Personal Data Protection Law (PDPL), which the UAE government notes came into force on 2 January 2022.
      If your dealings relate to the Dubai International Financial Centre (DIFC), DIFC Data Protection Law No. 5 of 2020 may apply.
      If you are in the EEA/UK, GDPR/UK GDPR concepts (like “lawful basis”) may also be relevant.
    • What this policy covers
      This policy covers:
      • Website visits (including forms, chat, and quote requests).
      • Sales enquiries and supplier onboarding.
      • Customer support and technical support (software & systems division).
      • Marketing communications (where you opt in).
      • Event/webinar registrations (if offered).
    • What this policy does not cover
      Third-party websites you click from our site have their own policies. Vastara is not responsible for third-party privacy practices.

Data we collect

  • When you browse the site
    • Device and log data
      IP address, browser type, pages visited, timestamps, and referral source.
    • Cookie data
      Preference choices, analytics signals (only if enabled), and session functionality.
  • When you request a quote/contact sales
    • Identity and business contact
      Name, company, role, email, phone.
    • Enquiry content
      Product specs, volumes, target dates, delivery location, Incoterms (if discussed).
    • Business context
      Your requirements, project timelines, and any documents you attach.
  • When you become a customer or supplier (B2B)
    • Account and onboarding info
      Company registration details, VAT/TRN (if applicable), invoicing contacts.
    • KYC/due diligence (where necessary)
      Screening details to meet compliance requirements.
    • Transaction records
      Quotations, POs, invoices, shipments, and delivery notes.
  • When you ask for technical support (software & communication systems)
    • Support identifiers
      User name, company, device type, system version.
    • Diagnostic data (only what’s needed)
      Error logs, screenshots, configuration details, network info.
  • If you apply for a job
    • CV/resume, contact details, employment history, and role preferences.
    • Reference information (if you provide it).
  • Special categories (sensitive data)
    We do not intentionally collect sensitive data via the website. If you share sensitive data in emails or attachments, we will handle it with extra care and limit access.

How we use data (and why)

We use personal data for clear business reasons, not “just in case”.

  • Purposes
    • Respond to enquiries and send quotations.
    • Perform contracts and deliver services/products.
    • Manage logistics, documentation, and compliance workflows.
    • Provide customer support and technical support.
    • Improve the website and user experience.
    • Send updates and marketing (only when allowed).
    • Protect against fraud, abuse, and security risks.
  • Lawful bases:
    Lawful bases commonly include consent, contract, legal obligation, and legitimate interests.
    Below is a practical map of the “why”, “what”, and “legal basis”.
    Activity | Typical data used | Why we do it | Typical lawful basis
    Quote/enquiry handling | Contact + enquiry details | To respond and price accurately | Contract steps / Legitimate interests
    Order processing | Shipping + billing contacts | To deliver, invoice, and support | Contract
    Compliance checks | KYC + trade signals | To meet legal/compliance expectations | Legal obligation / Legitimate interests
    Support (tech) | Ticket + diagnostics | To fix issues and keep systems running | Contract / Legitimate interests
    Marketing emails | Email + preferences | To send updates you asked for | Consent (typical)
    Analytics cookies | Usage + cookie IDs | To improve site performance | Consent (typical)
  • Marketing choices
    • You can opt out of marketing anytime by using the unsubscribe link or emailing us.
    • We try to keep emails relevant (industry updates, product availability, compliance alerts).

Sharing, transfers, retention, and security

  • Who we share data with
    We share only what’s needed, with the right controls.
    • Operational partners
      • Freight forwarders, shipping lines, and customs brokers (for delivery and clearance).
      • Warehouses and last‑mile couriers (for distribution).
      • Payment and banking partners (for invoicing and settlement).
    • Technology partners
      • Website hosting and email service providers.
      • CRM/helpdesk tools (to manage leads and support tickets).
      • Security monitoring tools (to protect systems).
    • Professional and legal
      • Auditors, insurers, lawyers (when needed).
      • Authorities where required by law or valid legal requests.
    • Processors and contracts
      Where vendors process data on our behalf, we expect confidentiality and security controls, and we limit access to a need-to-know basis.
    • Cross‑border transfers
      Trading is global, so data may be processed in other countries (e.g., cloud hosting, international shipping coordination).
      If DIFC rules apply to a processing activity, we consider DIFC Data Protection Law No. 5 of 2020 as the reference framework for DIFC-related processing.
    • Data retention
      We keep personal data only as long as needed for:
      • Sales history, after-sales support, and warranty/logistics traceability.
      • Accounting, audit, and compliance retention duties.
      • Typical retention logic
        • Enquiries that don’t convert: kept for [6–18 months].
        • Customer/supplier records: kept for the contract period for audit/tax.
        • Support tickets: kept for [12–36 months] depending on complexity and warranty needs.
    • Security (how we protect data)
      We use reasonable technical and organisational measures, such as:
      • Access control and role-based permissions.
      • Encrypted connections where supported (TLS).
      • Backups and monitoring.
      • Vendor security reviews for key systems.
    • Breach handling
      The UAE PDPL compliance ecosystem commonly references breach notification expectations and governance steps (like records of processing, DPO/DPIA in higher-risk cases). If a breach creates a real risk, we will take steps to notify and mitigate as required.

Cookies, your rights, and how to contact us

  • Cookies and preference controls
    We use:
    • Essential cookies (site functions).
    • Analytics cookies (only if enabled).
    • Preference cookies (remember settings).
    • Marketing cookies (only if enabled, where used).
    • Control cookies
      You can control cookies through:
      • Our cookie banner (if enabled).
      • Your browser settings.
  • Your privacy rights
    Your rights depend on your location and applicable law. In general, you may request:
    • Access to your personal data.
    • Correction of inaccurate data.
    • Deletion (where legally allowed).
    • Objection or restriction (in some cases).
    • Withdrawal of consent where processing is based on consent.
  • How to make a request
    Email: [email protected]
    Subject: “Privacy Request”
    Include: your name, company, contact email, and what you want (access/correction/deletion).
    We may ask for identity verification. This is to protect you.
  • Children
    This website is intended for business users and not directed at children. We do not knowingly collect children’s personal data through this site.
  • Changes to this policy
    We may update this policy as our services or legal requirements change. When we do, we’ll update the “Last updated” date at the top.