Advanced Privacy andData Protection Policy
Pushouse L.L.C-FZ | Dubai, UAE | International Standards in Data Security
1. Introduction and Scope
Pushouse L.L.C-FZ ("Pushouse"), a global SaaS company headquartered in Dubai, United Arab Emirates, as a data controller, commits to providing global-standard protection in the processing of data belonging to e-commerce businesses and end consumers, in full compliance with the European Union General Data Protection Regulation (GDPR), UAE Personal Data Protection Law (UAE PDPL), California Consumer Privacy Act (CCPA), and related international regulations.
This policy covers the following data subjects:
- Our corporate customers and authorized representatives
- Our customers' customers (end users/consumers)
- Website visitors and platform users
- Business partners and suppliers
2. Data Controller Identity Information
Company Information
Name: Pushouse L.L.C-FZ
Licence No: 2540189.01
Tax Registration No: 105300073100001
Contact Information
Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
General Contact: [email protected]
3. Data Categories Collected and Processing Purposes
A) Data Collected from Corporate Customers
| Data Type | Collection Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Company information, title, address | Contract management, invoicing, legal obligations | GDPR Art.6(1)(b) (Contractual obligation) | 10 years after contract termination |
| Authorized person contact information | Technical support, account management, security notifications | GDPR Art.6(1)(f) (Legitimate interest) | 3 years after relationship ends |
| API/Access credentials | Platform integration, security, performance monitoring | GDPR Art.6(1)(b) (Contractual necessity) | During active use |
B) Data Collected from End Users (Our Customers' Customers)
| Data Type | Processing Purpose | Consent Mechanism | Retention Period |
|---|---|---|---|
| Contact information (Phone, Email) | Digital marketing, campaign notifications | Explicit consent (Double opt-in) | 2 years from last interaction |
| Shopping history, preferences | Personalized campaigns, recommendation system | GDPR Art.6(1)(f) (Legitimate interest) | During activity + 1 year |
| Behavioral data (Cookies) | AI analysis, conversion optimization, A/B testing | Clear information + consent | 6 months (anonymization) |
C) Data Collected from Website Visitors
Technical Data (Automatic)
- • IP address (anonymized)
- • Browser type and version
- • Device ID and screen resolution
- • Geographic location (city level)
- • Page views and click data
Contact Data (Voluntary)
- • First name, last name
- • Email address
- • Phone number
- • Company information
- • Message/request content
4. Data Processing Principles and Legal Grounds
Lawfulness
Based on explicit consent, contract, legitimate interest, and legal obligation under GDPR Art.6.
Purpose Limitation
Data use outside specified purposes is strictly prohibited.
Transparency
Automatic notification and clear consent mechanisms for data subjects.
Data Minimization
Principle of collecting minimum data necessary for processing purposes.
Accuracy
Maintaining current, accurate, and corrected data when necessary.
Accountability
Structure where all operations are documented and auditable.
5. Data Security Architecture and Protection Measures
Technical Security Measures
🔐 Encryption Protocols
- • TLS 1.3 protocol for data transmission
- • AES-256 bit encryption in database
- • Field-level encryption for sensitive data
- • Annual encryption key rotation
🛡️ Access Control
- • RBAC (Role-Based Access Control)
- • Multi-factor authentication (MFA)
- • Privileged Access Management (PAM)
- • Zero Trust network architecture
🔍 Security Monitoring
- • 24/7 SIEM (Security Information and Event Management)
- • Anomaly detection and alert system
- • Real-time threat analysis
- • Automated security incident response
Administrative Security Measures
👥 Personnel Security
- • Annual 15-hour mandatory GDPR training
- • Non-disclosure agreement (NDA) signing
- • Background checks and security clearance
- • Regular security awareness testing
📋 Process Security
- • ISO 27001:2013 compliant ISMS
- • SOC 2 Type II audit (annual)
- • Data processing impact assessment (DPIA)
- • Incident response and business continuity plans
🔧 Technological Security
- • Penetration testing every 6 months
- • Vulnerability scanning (weekly)
- • Code security analysis (SAST/DAST)
- • Third-party security certifications
6. Data Subject Rights and Application Procedures
Under GDPR Articles 15-22, you can exercise the following rights:
📋 Information Rights
- • Learn whether your personal data is being processed
- • Learn the purpose of processing and legal grounds
- • Learn third parties to whom data is transferred
- • Get information about automated decision-making processes
✏️ Correction and Update
- • Request correction of incomplete or inaccurate data
- • Request notification of updates to third parties
- • Update via self-service portal
🗑️ Deletion and Restriction
- • "Right to be forgotten" - request data deletion
- • Request restriction of data processing activities
- • Opt-out of marketing communications
- • Object to profiling activities
📤 Portability and Objection
- • Receive your data in structured format
- • Request transfer of data to another controller
- • Object to automated decision-making processes
- • General right to object to processing activities
📞 Application Methods
Online Application
Via website contact form
Written Application
Petition with ID copy
Response Time: Requests are concluded free of charge within 30 days at the latest. For complex requests, the period may be extended to 60 days.
7. Contact Information and Policy Updates
Data Protection Team
Data Protection Officer
Data Breach Notification Line
Legal Department
Policy Updates
Notification Process
Significant changes are announced at least 30 days before the effective date via email and website notification.
Version History
All previous versions and change logs can be accessed at pushouse.com/privacy-history.
Last Update
January 28, 2026
"Data security is the foundation of our ethical DNA, not just our technology. At Pushouse, we've adopted respect for customer data as a culture beyond contracts."
Dubai, United Arab Emirates