Data Protection Policy
MetaMinder Software Limited

Introduction

At MetaMinder Software Limited, we are deeply committed to safeguarding the privacy and security of personal data entrusted to us. We recognize the importance of protecting individuals' rights and ensuring the lawful and responsible processing of their personal information. As such, we adhere strictly to the Data Protection Law 2020 of the Dubai International Financial Centre (DIFC) and other relevant regulations governing data protection.

This Data Protection Policy serves as a foundational document outlining our overarching principles, procedures, and responsibilities concerning the management of personal data. It reflects our dedication to transparency, accountability, and compliance with legal requirements in every aspect of our data processing activities. As stewards of personal data, we are committed to upholding the highest standards of data protection to maintain the trust and confidence of our stakeholders, including customers, employees, contractors, and partners.

Scope

This Data Protection Policy applies comprehensively across all facets of MetaMinder Software Limited's operations, encompassing every stage of personal data processing. It extends to all individuals whose personal data we collect, use, or otherwise process, including but not limited to customers, employees, contractors, and business partners. Our commitment to data protection spans all aspects of our business activities, ensuring that personal data is handled with the utmost care and in strict compliance with the Data Protection Law 2020 of the Dubai International Financial Centre (DIFC) and other applicable regulations.

Within this expansive scope, our policy governs the collection, storage, use, sharing, and disposal of personal data, outlining clear guidelines and procedures to uphold individuals' rights and safeguard their privacy. As custodians of personal information, we recognize the importance of maintaining the confidentiality, integrity, and availability of data entrusted to us, and this policy serves as our unwavering commitment to fulfilling that responsibility.

Data Processing Operations

3.1. Processing Outside of DIFC: MetaMinder Software Limited does not process or transfer personal and/or sensitive data outside of DIFC. All data processing activities are conducted within the jurisdiction of the Dubai International Financial Centre.

3.2. Special Category Personal Data: Upon thorough analysis of the legislation, MetaMinder Software Limited does not process special category personal data as defined by the Data Protection Law 2020 of the DIFC. Our data processing activities primarily involve usual personal data that does not fall within the category of special category personal data, which includes attributes such as political or religious views, biometric data, and health data, among others.

3.3. High-Risk Processing: MetaMinder Software Limited does not engage in high-risk processing activities. Our data processing operations are conducted with appropriate measures in place to mitigate risks and ensure compliance with data protection regulations.

Data Protection Officer

The Company has appointed a Data Protection Officer to oversee data protection compliance efforts, including but not limited to:

• Monitoring compliance with the Data Protection Law 2020 and other relevant regulations.
• Providing guidance and training to staff on data protection matters.
• Acting as a point of contact for data subjects and the Commissioner of Data Protection.

MetaMinder Software Limited shall make available a minimum of two (2) methods (which includes but shall not be limited to telephone, email).

Records of Processing Activities (RoPA)

MetaMinder Software Limited maintains detailed Records of Processing Activities (RoPA) to ensure compliance with Article 15 of the Data Protection Law 2020 of the DIFC. Our RoPA includes:

1. Lawful Basis and Data Sources: We document the lawful basis for processing personal data, ensuring that each processing activity is supported by a legal justification. We also record the sources from which personal data is obtained, whether it's directly from data subjects, collected through our website or applications, or received from third-party sources.
2. Consent Records: Where applicable, we maintain records of consent obtained from data subjects for processing their personal data. These records include information on when consent was obtained, the purposes for which it was obtained, and any specific conditions attached to the consent.
3. Controller and Processor Contracts: We document all contracts and agreements between MetaMinder Software Limited and any data controllers or processors involved in our data processing activities. These contracts outline the responsibilities of each party regarding data protection and ensure compliance with legal requirements.
4. Data Location: We maintain records of the location(s) where personal data is stored and processed, whether it's within our own infrastructure or with third-party service providers. This helps us ensure that personal data is adequately protected and managed in accordance with regulatory requirements.
5. Data Protection Impact Assessments (DPIAs): We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities as required by the DIFC Data Protection Law. However, MetaMinder Software Limited does not engage in high-risk processing activities.
6. Personal Data Breach Records: In the event of a personal data breach, we maintain detailed records of the incident, including the nature of the breach, the affected individuals, the potential impact, and the actions taken to mitigate the breach and prevent future occurrences.
7. Special Categories of Data and Criminal Conviction Data: If we process special categories of data or criminal conviction and offense-related data, we document the specific purposes for which this data is processed and implement additional safeguards to protect its confidentiality and integrity. However, MetaMinder Software Limited does not process special category personal data as defined by the Data Protection Law 2020 of the DIFC.
8. Retention and Erasure Policies: We document our retention and erasure policies for personal data, specifying the criteria used to determine retention periods and the procedures followed for securely deleting or anonymizing data when it is no longer needed for its original purpose.

Notifications to the Commissioner of Processing Operations

MetaMinder Software Limited complies with the notification requirements outlined in Articles 14(7) and 14(8) of the Data Protection Law 2020 of the DIFC. When providing notifications to the Commissioner of Processing Operations, we ensure that the following information is included:

1. General Description of Processing: We provide a clear and concise description of the personal data processing activities being carried out by MetaMinder Software Limited, including the purposes for which the data is processed and the types of data involved.
2. Explanation of Processing Purpose: We explain the purpose(s) for which personal data is being processed, ensuring transparency and accountability in our data processing activities.
3. Data Subjects: We identify the data subjects or classes of data subjects whose personal data is being processed, specifying any categories or groups of individuals affected by our processing activities.
4. Description of Personal Data: We describe the class(es) of personal data being processed, including the categories of data elements and any special categories of data as defined by the DIFC Data Protection Law.
5. Transfer of Personal Data: We provide information on any transfers of personal data outside of the DIFC jurisdiction, including the jurisdictions to which the data will be transferred and whether those jurisdictions have been assessed as having an adequate level of data protection. However, MetaMinder Software Limited does not process or transfer personal and/or sensitive data outside of DIFC. All data processing activities are conducted within the jurisdiction of the Dubai International Financial Centre.

Contact Information

For further information about Data Protection in DIFC, individuals may contact the Commissioner of Data Protection at [email protected].

Compliance

The Company is committed to complying with all provisions of the Data Protection Law 2020 and other applicable regulations. Regular reviews of this policy will be conducted to ensure ongoing compliance with evolving legal requirements.

Data Protection Policy Review

This Data Protection Policy will be reviewed annually or as necessary to ensure its effectiveness and compliance with relevant laws and regulations.

Policy Acceptance

All employees, contractors, and third parties acting on behalf of the Company are required to familiarize themselves with this policy and comply with its provisions.

Policy Implementation

This policy shall be communicated to all relevant stakeholders within the organization and made available to individuals whose data is processed by the Company.

Enforcement

Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.