Effective date: 1st June 2024
1. Introduction
Welcome to AIRFLOW MIDDLE EAST (AFS Air Conditioning L.L.C). This Privacy Policy outlines our practices concerning the collection, use, and disclosure of your personal data when you utilize our services and visit our website. We are committed to protecting your privacy and ensuring that your personal data is managed in a safe, confidential, and secure manner, in accordance with the legal requirements set forth by the UAE Federal Law No. 45 of 2021 on the Protection of Personal Data, other relevant UAE privacy laws, The Personal Data Protection Law in Saudi Arabia as per the Saudi Data & AI Authority (SDAIA) guidelines, the laws and regulations set by the Gulf Cooperation Council (GCC) for electronic transactions and personal data protection and the General Data Protection Regulation (GDPR).
2. Data Controller Information
AFS Air Conditioning L.L.C, operating as AIRFLOW MIDDLE EAST, is the data controller responsible for processing your personal data. Our headquarters are located at:
Address: 913-B, Ibn Battuta Gate Offices, P.O. Box 114320, Dubai, UAE
Phone: +971 4 420 2091
Email: afs@airflowinternational.com
For any questions or concerns regarding our data processing practices or this Privacy Policy, please contact us at the details provided above.
3. Personal Data Collected
We collect various types of personal data to provide and improve our services. Here are the categories of data we collect:
Identification Information: Your name, address, telephone number, email address, and other contact details.
Device and Access Information: IP address, browser type, version, device identifiers, and your activity on our website.
Transactional Data: Details about the services you have purchased from us and payment information.
Communications Data: Information contained in any communication between you and us.
We collect this data through different methods:
Directly from you, when you provide it to us by filling in forms on our site, corresponding with us by phone, email, or otherwise.
Automatically as you navigate through our site, information collected via cookies and other tracking technologies.
4. Purposes of Data Processing
We process your personal data for various purposes:
To Provide and Manage Our Services: We use your information to perform our contract with you, to bill you, and to maintain our business relationship.
Customer Support: To offer customer support and respond to your inquiries.
Marketing and Communications: To inform you about changes to our services, new services, and special offers we think you will find valuable, if you have consented to such communications.
Compliance and Enforcement: To comply with our legal obligations, enforce our terms and conditions, and protect our rights in the context of legal claims.
5. Legal Basis for Processing
The processing of your data is based on several legal grounds:
Contractual Necessity: The processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
Legal Obligations: Processing necessary for compliance with a legal obligation to which we are subject.
Consent: Where you have given clear consent for processing your personal data for a specific purpose.
Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
6. Data Recipients
We may share your personal data with selected third parties, which include:
Service Providers: Companies that provide services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.
Business Partners: Third parties with whom we may jointly offer products or services. We ensure these parties are bound by confidentiality agreements and do not use your data for any other purposes.
Legal and Regulatory Authorities: We may disclose your information if required by law or if necessary for the protection of our legal rights, compliance with regulatory requirements, or in other legal proceedings.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside of the UAE and the European Economic Area (EEA). However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. These include:
Implementing Standard Contractual Clauses approved by the European Commission, which give personal data the same protection it has in Europe.
Verifying if the third country has been deemed to provide an adequate level of protection for personal data by the European Commission.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the above safeguards is implemented.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
When your personal data is no longer required, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
9. Data Subject Rights
You have several rights under data protection laws in relation to your personal data. These include the right to:
Access your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
10. Consent and Withdrawal
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
11. Data Protection Measures
11.1 Security Practices
We implement a variety of security measures designed to maintain the safety of your personal data. These include physical, electronic, and administrative safeguards such as firewall technologies, encryption protocols, and secure server facilities. Our security practices are aligned with international standards and are regularly reviewed and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
11.2 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of it. If the breach is likely to result in a high risk to your personal rights and freedoms, we will also communicate the breach directly to you without undue delay.
12. Use of Cookies and Similar Technologies
12.1 Cookies Usage
Our website uses cookies and similar tracking technologies to track the activity on our service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. These are sent to your browser from a website and stored on your device. Other tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our service.
12.2 Control Over Cookies
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. For more detailed information about the cookies we use, the purposes for which we use them, and how to manage them, please see our Cookie Policy.
13. Automated Decision-Making and Profiling
13.1 Automated Decision-Making
We do not use automated decision-making processes, including profiling, that would have a legal effect or similarly significant effect on you. If in the future we decide to use such technologies, we will update this policy and provide mechanisms for you to consent or object where applicable.
14. Data Protection Officer (DPO)
14.1 DPO Contact Details
To ensure high standards of data protection and compliance with applicable laws, we have appointed a Data Protection Officer (DPO). If you have any questions about this privacy policy or our data protection practices, please contact our DPO at:
Email: dpo@airflowinternational.com
Address: 913-B, Ibn Battuta Gate Offices, P.O. Box 114320, Dubai, UAE
Phone: +971 4 420 2091
14.2 DPO Responsibilities
The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR and UAE privacy requirements.
15. Complaints and Contact Information
15.1 Contact Us
For further inquiries, or if you believe your data protection rights have been violated, you may contact us directly at the above-mentioned contact details. We are committed to resolving any complaints about our collection or use of your personal data.
16. Changes to the Privacy Policy
16.1 Updates and Amendments
We may update our Privacy Policy from time to time to reflect changes to our data processing practices, changes in legal or regulatory requirements, or to accommodate new technologies or improvements to our services. When we make changes, we will revise the "Last Updated" date at the top of the policy and post the new Privacy Policy.
16.2 Notification of Changes
We encourage you to review our Privacy Policy periodically for any changes. Substantial changes to our Privacy Policy will be communicated to you, either through the email address you have provided us or through a prominent notice on our website.
17. Third-Party Links and Services
17.1 External Links
Our website may contain links to external websites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
17.2 Caution
You are free to follow links to other websites, but any such access is at your own risk. We encourage you to review the Privacy Policy of each website you visit.
18. Children’s Privacy
18.1 Age Restrictions
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact our Data Protection Officer.
18.2 Parental Consent
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.
19. Social Media and Plugins
19.1 Integration of Social Media Plugins
Our website includes social media features, such as the Facebook Like button and widgets, such as the "Share this" button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly.
19.2 Social Media Policy
Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.
20. Binding Nature and Acknowledgment
20.1 Acceptance of Terms
By using our services and accessing our website, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. You consent to the collection, use, and sharing of your information as described in this policy.
20.2 Legal Effect
This Privacy Policy forms part of the legal agreement between you and AFS Airconditioning L.L.C. It provides the terms under which we collect and process your personal data.
Compliance with other Jurisdictions
21. Compliance with Saudi Arabia Privacy Laws
21.1 Personal Data Protection Law (PDPL)
We adhere to the Personal Data Protection Law as mandated by the Saudi Data & AI Authority (SDAIA). This includes ensuring that your personal data is collected and processed in a lawful, fair, and transparent manner, specifically for the purposes communicated to you.
21.2 Data Subject Rights
Under Saudi Arabian law, you have the following rights:
Access: You have the right to request access to your personal data that we hold, and to obtain information about how we process it.
Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Restriction of Processing: You have the right to request the restriction of processing of your personal data in specific situations.
Objection: You have the right to object to the processing of your personal data in certain cases, including processing for direct marketing purposes.
21.3 Data Transfers
Any transfer of your personal data outside Saudi Arabia is conducted in compliance with SDAIA guidelines, ensuring adequate protection of your data. We implement appropriate safeguards to ensure that your personal data remains protected in accordance with the PDPL.
22. Compliance with GCC Privacy Laws
22.1 Regional Regulations
We comply with the electronic transactions and personal data protection laws established by the Gulf Cooperation Council (GCC) countries. This ensures consistent and comprehensive data protection across the region, including but not limited to Bahrain, Kuwait, Oman, Qatar, and the United Arab Emirates.
22.2 Data Processing Principles
Our data processing activities within the GCC adhere to the following principles:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data is accurate and, where necessary, kept up to date.
Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
22.3 Cross-Border Transfers
We ensure that any cross-border data transfers within GCC member states are conducted in compliance with regional data protection regulations, providing equivalent levels of protection. Appropriate safeguards are implemented to maintain the security and confidentiality of personal data during such transfers.
23. Compliance with United States Privacy Laws
23.1 California Consumer Privacy Act (CCPA)
For residents of California, we comply with the California Consumer Privacy Act (CCPA), which provides specific rights regarding the collection and processing of their personal data.
23.2 Rights under CCPA
California residents have the following rights:
Right to Know: You have the right to request disclosure of the categories and specific pieces of personal data we have collected about you, the purposes for which it was collected, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request the deletion of your personal data that we have collected, subject to certain exceptions.
Right to Opt-Out: You have the right to opt-out of the sale of your personal data.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for exercising your privacy rights under the CCPA.
23.3 Do Not Sell My Personal Information
We provide a clear mechanism for California residents to opt-out of the sale of their personal information, in compliance with CCPA requirements. You can exercise this right by visiting our "Do Not Sell My Personal Information" page or contacting us directly.
24. Compliance with Canadian Privacy Laws
24.1 Personal Information Protection and Electronic Documents Act (PIPEDA)
We adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws, ensuring the lawful and transparent handling of personal data of Canadian residents.
24.2 Data Subject Rights under PIPEDA
Canadian residents have the following rights:
Access: You have the right to request access to your personal data that we hold and receive an accounting of its use.
Correction: You have the right to request corrections to your personal data if it is inaccurate or incomplete.
Withdrawal of Consent: You have the right to withdraw consent for data processing activities at any time, subject to legal or contractual restrictions and reasonable notice.
Complaints: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights under PIPEDA have been violated.
24.3 Data Transfers and Storage
We ensure that any transfer of personal data outside Canada complies with PIPEDA requirements, maintaining equivalent levels of data protection. We implement appropriate safeguards to protect personal data during international transfers.
25. Additional Provisions
25.1 Regional Compliance
Our commitment to privacy includes adherence to specific regional laws and regulations to ensure comprehensive data protection. We regularly review and update our policies and practices to remain compliant with evolving legal standards across different jurisdictions.
25.2 Multi-Jurisdictional Operations
Given our operations across multiple jurisdictions, we take proactive steps to align our data protection practices with local and international regulations. This approach ensures a cohesive and consistent framework for privacy and data security, regardless of where we operate.
Address: 913-B, Ibn Battuta Gate Offices, P.O. Box 114320, Dubai, UAE
Phone: +971 4 420 2091
Email: afs@airflowinternational.com
Identification Information: Your name, address, telephone number, email address, and other contact details.
Device and Access Information: IP address, browser type, version, device identifiers, and your activity on our website.
Transactional Data: Details about the services you have purchased from us and payment information.
Communications Data: Information contained in any communication between you and us.
Directly from you, when you provide it to us by filling in forms on our site, corresponding with us by phone, email, or otherwise.
Automatically as you navigate through our site, information collected via cookies and other tracking technologies.
To Provide and Manage Our Services: We use your information to perform our contract with you, to bill you, and to maintain our business relationship.
Customer Support: To offer customer support and respond to your inquiries.
Marketing and Communications: To inform you about changes to our services, new services, and special offers we think you will find valuable, if you have consented to such communications.
Compliance and Enforcement: To comply with our legal obligations, enforce our terms and conditions, and protect our rights in the context of legal claims.
Contractual Necessity: The processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
Legal Obligations: Processing necessary for compliance with a legal obligation to which we are subject.
Consent: Where you have given clear consent for processing your personal data for a specific purpose.
Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Service Providers: Companies that provide services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.
Business Partners: Third parties with whom we may jointly offer products or services. We ensure these parties are bound by confidentiality agreements and do not use your data for any other purposes.
Legal and Regulatory Authorities: We may disclose your information if required by law or if necessary for the protection of our legal rights, compliance with regulatory requirements, or in other legal proceedings.
Implementing Standard Contractual Clauses approved by the European Commission, which give personal data the same protection it has in Europe.
Verifying if the third country has been deemed to provide an adequate level of protection for personal data by the European Commission.
Access your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Email: dpo@airflowinternational.com
Address: 913-B, Ibn Battuta Gate Offices, P.O. Box 114320, Dubai, UAE
Phone: +971 4 420 2091
Access: You have the right to request access to your personal data that we hold, and to obtain information about how we process it.
Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Restriction of Processing: You have the right to request the restriction of processing of your personal data in specific situations.
Objection: You have the right to object to the processing of your personal data in certain cases, including processing for direct marketing purposes.
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data is accurate and, where necessary, kept up to date.
Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Right to Know: You have the right to request disclosure of the categories and specific pieces of personal data we have collected about you, the purposes for which it was collected, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request the deletion of your personal data that we have collected, subject to certain exceptions.
Right to Opt-Out: You have the right to opt-out of the sale of your personal data.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for exercising your privacy rights under the CCPA.
Access: You have the right to request access to your personal data that we hold and receive an accounting of its use.
Correction: You have the right to request corrections to your personal data if it is inaccurate or incomplete.
Withdrawal of Consent: You have the right to withdraw consent for data processing activities at any time, subject to legal or contractual restrictions and reasonable notice.
Complaints: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights under PIPEDA have been violated.