Free Consultation

Privacy Policy

This Privacy Policy (hereinafter “Policy”) sets out the procedure by which the website administrator collects, stores, uses, and protects personal data in accordance with the UAE Data Protection Law (Federal Decree-Law No. 45 of 2021).

 

1. General Provisions

This Policy contains information about what personal data of yours is collected and processed when visiting the website and using its functions, as well as explains the purposes and legal bases of such processing in accordance with the compliance with the UAE Data Protection Law.

The following key terms, corresponding to those defined in UAE Data Protection Law, are used in this document:

 

2. Key Definitions

Personal Data – any information relating to an identified or identifiable natural person.

 

Processing of Personal Data – any operation or set of operations performed on personal data, including, but not limited to:

  • collection, recording, organisation, structuring, storage, adaptation or alteration;
  • downloading, viewing, use;
  • disclosure by transmission, dissemination or otherwise making available;
  • comparison or combination;
  • restriction, erasure or destruction.

Controller – a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Processor – a natural or legal person who processes personal data on behalf of the controller.

Data Subject – a natural person whose personal data is processed.

Data Subject’s Consent – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data relating to him or her.

Cookies – small text files that a website stores on a user’s device to store information about the user’s activities or preferences.

Please note that data transmission over the internet (e.g., when communicating via email) may involve security risks, and complete protection against third-party access cannot be guaranteed. Detailed information on the processing of personal data and the measures implemented for their protection is provided in the subsequent sections of this document.

 

3. Data Collection on This Website
3.1. Who is Responsible for Data Collection

Definition:
Controller – a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.) and is responsible for the processing of the data subject’s personal data.

Controller’s Contact Information on This Website:
Licence number: DMCC-1014836
Licensee name: Shadi Khadzhir FL 489255
Address: DMCC Business Center Level No1, Jewellery & Gemplex 3
Dubai, United Arab Emirates
Email: info@nouga.agency

Inquiries regarding personal data processing:
You may submit requests concerning the processing of your personal data and notifications of possible infringements related to this website or the provision of services to the aforementioned email address.

We undertake to review your inquiry and provide a response no later than 30 calendar days from its receipt, in accordance with the UAE Data Protection Law (Federal Decree-Law No. 45 of 2021) and applicable regulations.

3.2. How We Collect Your Data

Your data is collected, on the one hand, when you provide it to us yourself. This may include:

  • data you enter into the website’s contact form;
  • data you provide to us via email;
  • data you provide by phone;
  • data you provide by checking the relevant checkboxes in forms (e.g., newsletter subscription);
  • data you enter when submitting an order or service request;
  • other data that you voluntarily provide during the use of our services.

Other data is collected automatically by our IT systems or with your consent when visiting the website. This may include:

  • technical data: internet browser, browser version, operating system, device type (computer, smartphone, tablet), screen resolution, system language, IP address, website access time, session duration;
  • data on website usage behavior: pages visited, clicks on elements, navigation sequence, interaction duration with content;
  • location data (based on IP address or other geolocation technologies);
  • data on traffic source: referrer (the page you came from), search query used, or advertising campaign;
  • download and error data: files you have downloaded, errors when loading pages or applications.

3.3. Purposes of Using Your Data

We collect and process your personal data solely for the following purposes:

  • Provision of Services and Support: to fulfill contractual obligations, communicate with you within the scope of projects, and process your inquiries;
  • Improvement of Our Website and Services: to analyze website usage to enhance user experience and service quality;
  • Marketing and Customer Communication: only with your consent, for example, to send newsletters and special offers or display advertisements;
  • Fulfillment of Legal Obligations: to comply with tax, accounting, and other legal regulations;
  • Ensuring Security: to protect our IT systems and prevent misuse.

3.4. Legal Bases for Processing Personal Data

In accordance with the UAE Data Protection Law (Federal Decree-Law No. 45 of 2021), we process your personal data only if at least one of the following legal bases exists:

1. Consent:
If you have provided your voluntary, specific, informed, and unambiguous consent, we process your data only to the extent of that consent. This may include, for example:

  • Newsletter subscription;
  • Use of non-essential cookies;
  • Submission of information via feedback forms outside of contractual relationships.

2. Performance of a Contract or Pre-contractual Measures:
We process your data if it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. For example:

  • Website development;
  • Consultation;
  • Preparing an offer based on your request.

3. Compliance with a Legal Obligation:
Processing may be necessary for compliance with our legal obligations, such as:

  • Retaining accounting documents for the period prescribed by law;
  • Responding to mandatory inquiries from state authorities.

4. Legitimate Interests:
In certain cases, data processing may occur based on our legitimate interest, if:

  • It is necessary for the secure, efficient, and reliable operation of our website;
  • We conduct limited customer communication after project completion;
  • We analyze user behavior on the website for optimization purposes.

In such cases, we always conduct an assessment to ensure that the interests, fundamental rights, and freedoms of the data subject do not override our legitimate interest. You have the right to object to such processing at any time on grounds relating to your particular situation.

 

4. List of Personal Data Processed

We collect and process the following personal data of our clients and website users:

  • contact details (first and last name, email address, phone number);
  • data submitted via feedback forms and requests;
  • company data (name, address, legal details);
  • IP address and location data, if necessary for service improvement and security;
  • data collected via cookies and other tracking technologies on the website;
  • data voluntarily provided during consultations, contract performance, and communication with us;
  • information necessary for invoicing and fulfilling contractual obligations;
  • technical data about the user’s browser and device (browser type, version, operating system).

All data is processed only to the extent necessary to achieve the purposes set out in this privacy policy.

 

5. Personal Data Retention Periods

Unless a more specific retention period is stipulated in these terms, your personal data will be retained until the purpose for data processing is no longer relevant, in accordance with the **UAE Data Protection Law (Federal Decree-Law No. 45 of 2021)**.

After the processing is completed or the contract ends, mandatory retention periods stipulated in the laws of the UAE may apply. For example:

  • Business documentation and accounting records: Retained for up to 5 years, in compliance with UAE commercial and tax laws.
  • Correspondence: Retained for up to 3 years, in line with UAE retention guidelines for certain business communications.

If you exercise your right to erasure of personal data or withdraw your consent for their processing, we will delete the respective data, unless their further retention is necessary on other legal grounds (e.g., to comply with mandatory retention periods stipulated in UAE law). In such cases, deletion will occur after the expiry of the respective retention period or the cessation of other legal grounds.

6. Data Subject Rights

In accordance with the UAE Data Protection Law (Federal Decree-Law No. 45 of 2021), as a data subject, you have the following rights regarding your personal data:

6.1. Right to Rectification

You have the right to request the immediate rectification or completion of inaccurate or incomplete personal data that we process.

6.2. Right to Erasure (“Right to be Forgotten”)

You have the right to request the erasure of your personal data if there is no legal basis for their processing (e.g., for fulfilling a legal obligation).
You will be informed of the fulfillment of your request within the period prescribed by law (generally no later than 30 calendar days).

6.3. Right to Restrict Personal Data Processing

You have the right to request the restriction of processing of your personal data. To exercise this right, you may contact us at any time.

The right to restriction of processing applies in the following situations:

  • If you contest the accuracy of personal data held by us — you have the right to request restriction of processing for the period of verification;
  • If your personal data has been or is being unlawfully processed — you may request restriction of processing instead of erasure;
  • If we no longer need your personal data, but they are required by you for the establishment, exercise, or defense of legal claims — you have the right to request restriction of processing;
  • If you have objected to processing and there is a need to verify whether our legitimate grounds override yours.

If the processing of your personal data is restricted, it may — with the exception of storage — only be processed:

  • With your consent;
  • For the establishment, exercise, or defense of legal claims;
  • For the protection of the rights of another natural or legal person;
  • For reasons of important public interest under UAE law.

6.4. Right to Withdraw Consent

You have the right to withdraw your consent for the processing of personal data at any time. This can be done through the following methods:

  • Unsubscribing from newsletters via the “Unsubscribe” link in emails;
  • Changing cookie settings via the banner or browser settings;
  • Contacting us via the contact details provided in the “Who is Responsible for Data Collection” section.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6.5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from us, where technically feasible.

6.6. Right to Object to Data Processing

You have the right to object at any time to the processing of your personal data if the processing is based on legitimate interests, for example, for analysis or profiling purposes.
We will cease processing if we cannot demonstrate compelling legitimate grounds that override your rights.

If your data is used for direct marketing purposes, you have the right to object to this at any time. In such a case, your data will no longer be used for advertising purposes.

6.7. Right to Lodge a Complaint with a Supervisory Authority

In the event of a data processing infringement, you have the right to lodge a complaint with a supervisory authority in accordance with the UAE Data Protection Law. If you are dissatisfied with the handling of your data or your rights, you may contact the UAE Data Office, the regulatory authority for data protection in the UAE.

For more details on how to exercise your rights or if you wish to lodge a complaint, please contact the UAE Data Office directly.

7. Cookies

Our websites use cookies to enhance your browsing experience.

When you first visit the website, a cookie banner will be displayed, informing you about the use of cookies and allowing you to give consent for their use or set your preferences.

Cookies are small text files that do not harm your device. They are stored on your device either temporarily during a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your website visit ends. Persistent cookies remain on your device until you delete them yourself or until they are automatically removed by your web browser.

Sometimes, third-party cookies may also be stored on your device (third-party cookies) by our website. These allow us or you to use certain third-party services (e.g., payment processing cookies).

Cookies serve various functions. Many cookies are technically necessary for the proper functioning of certain website features (e.g., displaying videos). Other cookies are used to analyze user behavior or to display advertisements.

Cookies that are necessary for carrying out electronic communication (necessary cookies), for providing certain functions requested by you (functional cookies), or for website optimization (e.g., web analytics cookies) are stored based on UAE Data Protection Law (Federal Decree-Law No. 45 of 2021) and applicable legal grounds, such as legitimate interest. The website administrator has a legitimate interest in storing cookies to ensure technically flawless and optimized service provision.

If consent has been requested for storing cookies, the respective cookies are stored solely based on that consent. Consent can be withdrawn at any time.

You can configure your browser to inform you about the use of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies in certain situations, or entirely, and to activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of the website may be limited.

If cookies are used by third parties or for analytical purposes, we will inform you separately within the framework of this privacy policy and, if necessary, ask for your consent.

Server Logs

The website service provider automatically collects and stores information in server logs, which your browser automatically transmits to us. This data includes:

  • Browser type and version;
  • Operating system used;
  • Referrer URL;
  • Hostname of the accessing computer;
  • Time of the server request;
  • IP address.

This information is stored based on our **legitimate interest** in ensuring the technical functioning and security of the website in compliance with the UAE Data Protection Law.

 

8. Third-Party Services and Analytics Tools Used

8.1. Cookie Banner CookieYes

Service Provider:
CookieYes Limited
Address: 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom

Purpose of the Service:

managing user consent for the use of cookies on our website.

Operating Principle:

  • upon entering our website, CookieYes stores a cookie in your browser;
  • the cookie contains data about your choice: consent or refusal; date; IP address;
  • this data is not transferred to third parties.

Data Processing:

  • the plugin does not process personal data in terms of its transfer or use by third parties;
  • all information about your choice is stored locally in the browser as a cookie.

User Rights:

  • You can change or withdraw your consent at any time by clicking the “Cookie Settings” button, located at the bottom of the website.

CookieYes Privacy Policy:
https://www.cookieyes.com/privacy-policy/

8.2 Google Analytics

Service Provider:
Google Ireland Limited
Address: Gordon House, Barrow Street, Dublin 4, Ireland

Purpose of the Service:

  • analyzing website usage using cookies.

Operating Principle:

  • Google Analytics uses cookies, which enable the analysis of your website usage;
  • information collected by cookies (including your abbreviated IP address) is usually transmitted to and stored on Google’s servers in the United States;
  • we use IP address anonymization – your IP address is truncated beforehand in member states of the European Union or the European Economic Area.

Your Rights:

  • You have the right to withdraw your consent at any time.

Google’s Privacy Policy:
https://policies.google.com/privacy?hl=et

8.3 Divi’s Basic Captcha

Service Provider:
Elegant Themes
Address: 977 West Napa Street #1002, Sonoma, CA 95476, USA

Purpose of the Service:

  • protecting contact forms from automated submissions (bots);
  • preventing misuse;
  • ensuring the technical security of the website.

Specifics of Divi’s Basic Captcha operation:

  • operates locally;
  • does not use third-party APIs or external servers;
  • does not transmit or store personal data with third-party service providers;
  • the check is performed entirely in the user’s browser.

Scope of Data Processing:

  • processing is limited solely to the verification of functional input.

Elegant Themes’ Privacy Policy:
https://www.elegantthemes.com/policy/privacy/

8.4 Google Maps

Service Provider:
Google Ireland Limited
Address: Gordon House, Barrow Street, Dublin 4, Ireland

Purpose of the Service:

  • displaying our studio’s location on a map in real-time.

Specifics of Operation:

  • when using the map, your IP address may be transmitted to Google;
  •  
  • during the use of the service, cookies may be set and used.

Google’s Privacy Policy:
https://policies.google.com/privacy?hl=et

8.5. Third-Party Platforms (WhatsApp, Telegram, Threads, LinkedIn)

Our website may use hyperlinks, buttons, icons, or widgets that lead you to external platforms or chats:

  • WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Telegram (Telegram Messenger LLP, London, United Kingdom)
  • Threads (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

These elements (icons, buttons, etc.) are implemented as simple links, which are activated only upon your click.

Possible data transfer to platforms:

  • IP address;
  • data about your browser and operating system;
  • the address of the page from which the redirection occurred;
  • your user account identifier on the respective platform (if you are logged in).

Important: we have no influence whatsoever on the further processing of this data by the respective service providers.

Data processing is carried out according to the terms and privacy policies of these platforms. Redirection to such links occurs only at your own request and initiative.

Recommendation: before using such functions, we ask you to familiarize yourself with the privacy policies of the respective platforms.

Third-Party Platform Privacy Policies:

WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea

Telegram: https://telegram.org/privacy

Threads (Meta): https://privacycenter.instagram.com/policy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

8.6 MailerLite

Service Provider:
MailerLite Limited
Address: 88 Harcourt Street, Dublin 2, D02 DK18, Ireland

Purpose of the Service:

  • Delivery of newsletters and special offers.

Operating Principle:

  • Data is processed on MailerLite servers solely based on your given consent.

Data Processed:

  • email address;
  • name (if provided);
  • IP address;
  • information about interaction with emails (opens, clicks).

Your Rights:

You can unsubscribe from the newsletter at any time by clicking the “Unsubscribe” link at the bottom of the email.

MailerLite Privacy Policy:
https://www.mailerlite.com/legal/privacy-policy

8.7 Web Hosting

Service Description:
We use a service provider to host our website. The website is located on the service provider’s servers and is thus accessible via the internet (web hosting).

Data Processing by the Service Provider:
The service provider may process all data that your browser transmits and that arises from the use of our website. This includes, in particular:

  • Your IP address – necessary for delivering our web service to your browser;
  • all entries you make via our website.

In addition, the service provider may collect the following data:

  • date and time of access to our website;
  • time zone difference from Greenwich Mean Time (GMT);
  • access status (HTTP status);
  • volume of data transferred;
  • internet service provider of the access system;
  • type and version of the browser used;
  • operating system used;
  • the website from which you may have accessed our website;
  • the pages or subpages of our website that you visit.

Data Storage:
The above data is stored as log files on our service provider’s servers. This is necessary to ensure the reliability and security of our website.

Data Processed:

  • content-related information (e.g., posts, photos, videos);
  • usage data (e.g., access time, visited websites);
  • communication data (e.g., information about the device used, IP address).

Data Subjects:

  • users of our website.

Purpose of Processing:

  • displaying and ensuring the functionality of our websites.

Web hosting ordered by us:
Service Provider: Zone Media OÜ
Address: Lõõtsa tn 5, 11415 Tallinn, Estonia
Privacy Policy: https://www.zone.ee/en/zone-media-ou-privacy-policy/

9. Personal Data Security Measures

(In accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data)

We implement appropriate and comprehensive technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction, in compliance with the UAE Personal Data Protection Law (PDPL) and its implementing regulations.

9.1 Technical Security Measures

  • Protection of data transmission via the website using a secure HTTPS protocol (SSL/TLS).
  • Implementation of firewalls and intrusion prevention systems.
  • Regular software updates, including CMS, plugins, and server software.
  • Data storage on servers with restricted physical and remote access.
  • Data backup with secure storage of backup copies.
  • Limiting the number of access points and monitoring system activity.

9.2 Organizational Security Measures (UAE Personal Data Protection Law – Federal Decree-Law No. 45 of 2021)

Access to personal data is restricted to authorized employees, service providers, or contractual partners who are bound by confidentiality obligations in accordance with the UAE Personal Data Protection Law (PDPL).

Regular employee training is conducted regarding personal data processing requirements, security standards, and compliance obligations under UAE data protection regulations.

Conclusion of Data Processing Agreements with data processors in line with the requirements of the UAE PDPL, ensuring that processors implement appropriate technical and organizational safeguards.

Implementation of internal password management, access control policies, and information security procedures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

9.3 Physical Protection

  • Servers are located in data centers with controlled physical access, video surveillance, and access card-based authorization.
  • Restricting unauthorized access to devices on which personal data is processed.

9.4 Security Control and Audit

(In accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data)

Periodic review, assessment, and testing of technical and organizational security measures to ensure the ongoing confidentiality, integrity, and availability of personal data.

Regular updating and enhancement of protection measures in line with technological developments, risk assessments, and applicable legal or regulatory requirements under UAE law.

Implementation of procedures for identifying, managing, and documenting personal data breaches, including notification to the UAE Data Office and affected data subjects where required under the UAE Personal Data Protection Law and its implementing regulations.

10. Cross-Border Data Transfer

The processing and storage of personal data may take place within the United Arab Emirates or in other jurisdictions where our service providers operate servers.

Transfers of personal data outside the United Arab Emirates are carried out only in compliance with the UAE Personal Data Protection Law (PDPL) and its implementing regulations, including where:

  • The destination country ensures an adequate level of data protection as recognized by the UAE Data Office; or

  • Appropriate safeguards and contractual measures are implemented to ensure that the personal data is afforded protection equivalent to that required under UAE law; or

  • An applicable statutory exception under the PDPL permits such transfer.

Cross-border transfers may occur in the following cases:

  • When using analytics and mapping services provided by Google Ireland Limited, with potential data processing by Google LLC on servers located outside the UAE;

  • When distributing newsletters through MailerLite Limited, where in certain circumstances data may be processed in other jurisdictions due to technical or operational requirements.

In all cases, appropriate technical, organizational, and contractual safeguards are implemented to protect personal data in accordance with UAE data protection requirements.

 

11. Changes to the Privacy Policy

We reserve the right to amend or supplement this privacy policy at any time to align it with legal changes or technical modifications on our website.

The current version is always available on our website.

Last updated: 10 02, 2026