PRIVACY POLICY

1. 1. PERSONAL DATA COLLECTION AND STORAGE

   1. We may collect and store personal data through your use of our website and when you contact us to inquire about or request services from Metaworld. The nature and extent of personal data collected will depend on the type of service you seek and the needs of that service. This may include data from clients, potential clients, service providers, and other users of the Platform. The personal data we collect may include, but is not limited to, the following:
      

      1. Contact Information: Name, email address, telephone number, and other contact details you provide.
      2. Professional or Business Information: If you are contacting us on behalf of a company or seeking our services, we may collect the name of your organisation, your job title, and other business-related information that you voluntarily provide.
      3. Communications: Any communications between you and Metaworld, including emails, phone calls, messages, and other correspondence for purposes of responding to inquiries, providing support, or record-keeping.
      4. Website Usage Data: Information about how you use our Platform, such as your IP address, browser type, pages viewed, and the dates/times of your visits. This may be collected through server logs and analytics tools.
      5. Cookies and Tracking Technologies: We use cookies and similar tracking technologies to collect information about your use of our Platform. Cookies are small text files stored on your device that help us recognize repeat visitors, remember your preferences, and understand which parts of our Platform are of interest. You can find more information about how we use cookies in our Cookie Policy available on the Platform.
   2. All Services are provided in accordance with the laws and regulations of our operational jurisdiction (primarily the UAE) and within the scope of our company’s professional licenses. Detailed scopes of work, deliverables, and fees for specific projects will typically be defined in individual client engagement agreements. However, the above list represents our overall service offerings as described on our Site and marketing materials. Please contact us if you require clarification on whether a particular service is available.
   3. We may, where necessary and appropriate, provide legal services to clients through a related entity that is duly licensed to practice law. These services are offered only in jurisdictions where permitted and will be governed by a separate agreement directly with the licensed entity. Such legal services are distinct from our consulting offerings and will be subject to applicable legal and regulatory requirements. Clients will be informed when services are rendered under this structure.

2. 2. LEGAL BASIS FOR DATA PROCESSING

   1. We will collect and process your personal information only in the following situations:
      

      1. Contractual Necessity: Where personal information is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
      2. Legitimate Interests: Where the processing is in our legitimate interests, such as improving our services, securing our Platform, or communicating with you as necessary for our services, and not overridden by your data protection rights.
      3. Consent: Where we have your consent to do so. For example, if you opt-in to receive marketing communications.
      4. Legal Obligations: In some cases, we may have a legal or regulatory obligation to collect or retain personal information.
   2. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will inform you at that time whether the request is mandatory and explain the possible consequences of not providing your personal information.
   3. Certain jurisdictions allow us to process personal information based on additional lawful grounds such as legitimate interests. If we rely on legitimate interests, those interests will typically be to operate and improve our Platform and services, communicate with you, ensure security, prevent fraud, or pursue other legitimate business purposes, always balanced against your rights and expectations under applicable law.

3. 3. DISCLOSURE OF PERSONAL INFORMATION

   1. In the course of using your personal information for the purposes described in this Policy, we may disclose your information to the following parties:

      1. Third-Party Service Providers: We share personal information with third-party companies that perform services on our behalf to support our business and the provision of our services (for example, IT hosting providers, email and marketing platforms, analytics providers, customer support tools, and other vendors). These service providers are contractually required to protect the personal information we share with them and to use it only for the purposes of providing their services to us.
      2. Business Partners: If we offer a service or conduct joint marketing in conjunction with a business partner, we may share your information with that partner for the purposes of facilitating the service or promotion. Such partners will be required to handle your information in accordance with applicable data protection laws and any applicable agreements.
      3. ffiliated Companies: We may share your personal information with our affiliates and subsidiaries within the Metaworld group of companies (if any) for purposes consistent with this Policy or for internal administrative purposes. Any such affiliates will honor the commitments we make in this Privacy Policy.
      4. Corporate Transactions: In connection with any corporate transaction such as a merger, acquisition, sale of assets, or restructuring involving our business (or in the unlikely event of bankruptcy or receivership), personal information may be disclosed or transferred to the entities involved as part of the transaction. In such cases, we will ensure that the recipient of the data is bound to respect your personal information in a manner consistent with this Policy.
      5. Advisors and Auditors: We may disclose information to our professional advisors (such as legal counsel, accountants, or auditors) when necessary for them to provide services to us or to advise us in connection with compliance, legal rights, and obligations.
      6. Legal Authorities and Government Agencies: We may disclose your personal information to courts, law enforcement agencies, regulators, government authorities, or other authorized third parties if required to do so by law or legal process, or if we have a good-faith belief that such disclosure is necessary to comply with the law, to protect the rights, property, or safety of Metaworld , our users, or the public, or to respond to a government request.
      7. Authorized Parties: We may disclose your information to any other party when you request or consent to such sharing.

4. 4. INTERNATIONAL DATA TRANSFERS

   1. Your personal information may be transferred to and processed in countries other than the country in which you reside. In particular, if you are located outside of our home jurisdiction, UAE, your information may be transferred to servers or service providers in other countries that may have data protection laws that are different from those in your country.
   2. In all such cases, we will ensure that appropriate safeguards are in place to protect your personal information in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include contractual obligations for recipients to handle data in compliance with applicable laws, and, where required, we will implement measures such as standard contractual clauses or obtain your consent for such transfers. If personal data collected within the UAE is transferred outside the UAE, we will do so in line with the UAE’s data protection requirements

5. 5. CONSENT

   1. As described above, we may process your personal data under various legal bases. When our use of your personal information is not covered by one of these bases, we will seek your consent. You have the right to decline to give consent, or to withdraw your consent at any time if you have previously given it.
   2. For example, we will seek your consent to send you marketing communications (such as promotional emails or SMS messages) if required by law. If you opt-in, we may use the personal data you provide to send you newsletters, updates on our services, industry news, or other marketing materials. You can always opt out of these communications later by using the unsubscribe link in the emails or by contacting us, and we will honor your choice. Please note that even if you opt out of marketing messages, we may still send you non-promotional communications, such as those about your ongoing services, inquiries, or business transactions with us.

6. 6. PERSONAL DATA PROTECTION MEASURES

   1. We are committed to safeguarding your personal data, and we implement appropriate technical and organizational security measures to protect it from unauthorized access, alteration, disclosure, or destruction. We also require that any third-party service providers handling personal data on our behalf maintain strong security practices.

   2. Measures we take to protect personal data include, for example:

      1. Training and awareness for our employees about the importance of confidentiality and privacy and limiting access to personal data to only those employees who need it to perform their duties.
      2. Using secure authentication and access controls on our systems (such as individual user accounts, strong passwords, and two-factor authentication) to prevent unauthorized access.
      3. Employing encryption and secure protocols (like HTTPS/SSL) to protect data during transmission, and using firewalls, intrusion detection systems, and anti-virus software to guard our IT infrastructure.
      4. Ensuring that when we work with third-party providers, such as cloud storage or data transfer services, they use appropriate encryption and security measures. We transmit personal data over secure networks and, when possible, use encryption or pseudonymization for added protection.
      5. Securing physical records and hardware containing personal data.
      6. Implementing physical security measures at our office locations, including controlled access to premises, surveillance cameras, and security personnel where appropriate.

7. 7. RETENTION OF PERSONAL INFORMATION

   1. We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. In practice, this means your personal data will be retained for as long as you have an ongoing relationship with us, as a client or a prospective client who has expressed interest in our services, and thereafter for any additional period that is legally required or allowed.
   2. When we no longer have a legitimate need to retain your personal information, we will either securely delete it or anonymize it, so that it can no longer be associated with you, unless we are required to keep it for a longer period to comply with legal obligations.

   3. Criteria we use to determine retention periods include:

      1. Duration of Relationship: We consider the duration of your relationship with us and whether you have any ongoing services, projects, or inquiries with us. We will typically retain data for the duration of our relationship and for a period after it ends, as needed to address any post-service issues.
      2. Legal and Compliance Requirements: We consider the legal and regulatory requirements applicable to our business. We also retain records as necessary to demonstrate compliance with the laws.
      3. Dispute Resolution: We consider whether personal data might be needed to resolve any disputes, enforce our agreements, or defend against legal claims. In such cases, we will retain relevant data as long as necessary for those purposes.

8. 8. USER RIGHTS

   1. personal data will be processed in accordance with the applicable data protection laws, including the General Data Protection Regulation (GDPR) for EEA residents and the UAE’s Personal Data Protection Law (PDPL) for UAE residents. For residents of other jurisdictions, your personal data will be processed in compliance with the relevant privacy laws applicable to you. These rights may include:

      1. Right to Access: You can request a copy of the personal data we hold about you, along with information about how we process it, subject to certain exceptions.
      2. Right to Correction: You can request that we correct any inaccurate or incomplete personal data we have about you.
      3. Right to Erasure: You can request that we delete your personal data in certain circumstances, subject to the condition that we may need to retain certain information if required by law or if retention is otherwise permitted by law.
      4. Right to Object: You can object to our processing of your personal data where we rely on legitimate interests as our legal basis, if you believe the processing impacts your fundamental rights and freedoms. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.
      5. Right to Data Portability: Where applicable, you have the right to request that we provide you with your personal data in a structured, commonly used, machine-readable format, and to transfer that data to another data controller, when the processing is based on your consent or a contract and carried out by automated means.
      6. Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing that occurred before you withdrew your consent. Please note that these rights are subject to certain conditions and exceptions under applicable law. Exercising one of the rights above may not always mean we can comply. If a request is denied, we will inform you of the reasons, subject to any legal restrictions.

   2. In addition to the above rights, you have choices about how your personal information is used:

      1. You may update or correct your personal details and communication preferences at any time by contacting us. If you subscribe to our marketing communications, you can also use the unsubscribe link provided in our emails to manage your preferences.
      2. You can control or disable cookies through your web browser settings. Please note that disabling certain cookies may affect the functionality of our Platform. For more information on how we use cookies and how you can manage them, see our Cookie Policy.

9. 9. MODIFICATIONS TO THIS POLICY

   1. We reserve the right to modify, amend, supplement, or update this Privacy Policy at our sole discretion. If we make material changes to this Policy, we will update the “Last Updated” date above and take reasonable steps to notify you of the updated policy, such as by prominent notice on our website or via email if appropriate. We encourage you to review this Policy periodically to remain informed about how we protect your personal information.
   2. Your continued use of the Platform after any updated Privacy Policy is in effect will constitute your acceptance of the revised Policy. If you do not agree to the changes, you should stop using the Platform and contact us if you need further assistance.

10. 10. COMPLAINTS AND CONTACT INFORMATION

    1. Metaworld is committed to addressing any questions, concerns, or complaints you may have about your privacy and how we handle your personal data. If you have a concern or believe your rights under applicable data protection laws have been infringed, we encourage you to contact us so we can address the issue.
    2. The best way to reach us with privacy-related questions or complaints is by email at info@metaworldcbc.com. Please include “Privacy Inquiry” in the subject line of your email and provide details of your inquiry or complaint.
    3. We will respond to privacy-related inquiries as soon as reasonably possible. If you make a complaint, we will investigate and attempt to resolve the matter in accordance with our internal procedures and any legal requirements. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.