DEPA Group Privacy Policy

Privacy Policy


In DEPA Group, we care deeply about the privacy and security of your data. This Privacy Policy will help you understand what data we collect, what we use it for and how you can exercise your rights.

We abide by the following principles while processing your data:

  • We do not collect more information than it is necessary;
  • We do not use your data for purposes other than those specified in this Privacy Policy;
  • We do not keep your data if it is no longer needed;
  • We do not disclose your data in cases other than these specified in this Privacy Policy.

This Privacy Policy applies to centralized corporate services offered by Group IT department and to services that we provide in connection with our software. Our services may contains links to other websites. Once redirected to a website outside of our domains, this Policy is no longer applicable.

This Policy sets out the requirements for privacy across DEPA Group Limited and entities it controls (the Group) will call it Depa in this document.

This Policy applies to all employees of the Group, third parties engaged by the Group, and all alliances and joint ventures in all jurisdictions.

Any employee of the Group found to have breached this Policy may be subject to disciplinary action.

The objectives of this Policy are to treat personal information:

1.In UAE including that of its UAE customers and business partners, in accordance with the UAE Data Protection Law 2007.

2.Outside UAE, in accordance with the applicable law including GDPR for Europe

1. What personal information do we collect?

Personal information is any information relating to an identified or identifiable natural person. Sensitive/special information is a subset of personal information which includes information about an individual’s race or ethnicity, political or religious beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences, criminal record and health information. Personal information will not be shared, sold or disclosed other than in accordance with this Policy, without an individual’s permission, or in accordance with the Data Protection Law. DEPA only collects, holds, uses or discloses personal information where it is reasonably necessary to:

1.1. Enable DEPA to deliver services or information to its individuals or to an organization;

1.2. Maintain or establish a business relationship, including as a customer, supplier, subcontractor, or employee;

1.3. Enable DEPA to assist to provide services; or to improve, and better understand preferences in respect of DEPA services; and

1.4. Fulfil legal or regulatory obligations.

1.5. Situations in which DEPA may collect personal information include:

1.5.1. Recruitment and engagement of employees, including contractors;

1.5.2. When receiving services from third party suppliers, including subcontractors;

1.5.3. when providing services to clients or customers;

1.5.4. When required by law;

1.5.5. When dealing with certain government agencies;

1.5.6. When visitors to DEPA’s website provide their personal information, such as name and email address; and phone number

1.5.7. During safety and operational environment monitoring.

1.6. Personal information that may be collected includes:

1.6.1. Personal details, such as name, mailing address, email address, telephone numbers, age and gender;

1.6.2. Human resource information relating to employees including directors and officers;

1.6.3. Details of visitors to DEPA premises or sites;

1.6.4. Applications for employment, including information relating to personal skills, work history, experience and details of performance, education, qualifications and skills, professional memberships, hobbies and affiliations;

1.6.5. Details of referees and personal references;

1.6.6. Answers to questions asked to assist DEPA to conduct business, including as part of the employment process; and

1.6.7. Stated or likely individual preferences, for example an interest in receiving particular investor or marketing publications.

Personal information can be collected orally, in writing, by telephone, by e-mail, via DEPA Applications and through other methods of communication. DEPA generally collects personal information directly from the individual to whom it relates, except where that individual has consented to DEPA collecting the personal information from a third party or the law otherwise permits DEPA to do so, or where it is unreasonable or impracticable to collect it directly. DEPA only collects sensitive information directly from individuals with their consent, or where required, authorized or otherwise permitted to collect the information from a third party by law. Personal information may also be collected from, and disclosed to, third parties in the course of business activities. For example, steps may be taken to verify that an individual’s academic, training and professional qualifications are accurate and complete and, in appropriate circumstances due to the nature of the available position, health checks, credit checks or criminal records checks may be carried out. An individual has the option, where lawful and practicable, not to be identified when communicating or entering into transactions with DEPA (including by the use of a pseudonym). However, in most circumstances, it will be impracticable for DEPA to do business with an individual or provide the services required by an individual unless personal information is provided.

2. Purposes for which we collect, hold, use and disclose personal information

Personal information will be stored in DEPA’s systems for immediate business and administration purposes, as detailed above, and may be used or disclosed for the purpose for which it was collected, or for a related purpose which someone may reasonably expect. Sensitive information will only be disclosed for a purpose which is directly related to the purpose for which it was collected. Personal information may be disclosed between related bodies corporate within DEPA Group worldwide, and used by those entities for the same purposes for which the collecting company is entitled to use it.

3. What are your rights?

3.1. The Right to be informed: You have the right to be informed on what, why, and in what way, your personal information will be processed.

3.2. The Right of Access: You have the right to access the information that we have on you. We will make sure to provide you with a copy of the data we process about you. we may charge you with an administrative fee.

3.3. The Right to rectification:

If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate.

3.4. The Right to erasure (to be forgotten):

We will delete information about you after it is no longer needed for the purposes it was collected. If at any point you wish for us to delete information about you, you can request for that, accordance with industry standards and applicable laws

3.5. The Right to restrict processing you can ask us to stop processing your personal data

The Right to data portability: You can ask for your personal information in machine readable format or to have it sent to another organization

The Right to object If processing of your data is based on consent, you have the right to withdraw your consent at any time. If you at any point wish to withdraw your consent,. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal. The right in relation to automated decision making and profiling: We do not use any information provided by you for the purposes of automated decision-making, including profiling.

To contact us for any of the above request, you can send us email through

1. Disclosure of your data:

We guarantee that all your personal information is protected, and that we will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.

We may share information that you provided us with while you are employed by Depa:

  • Sensitive information will only be disclosed for a purpose which is directly related to the purpose for which it was collected;
  • Personal information may be disclosed between related bodies corporate within DEPA Group worldwide, and used by those entities for the same purposes for which the collecting company is entitled to use it;
  • Our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
  • Governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand.
  • DEPA may also disclose personal information to third party service providers and business associates, including our Auditors, joint venture and alliance partners, who provide services in connection with its business. These third parties may be located locally or overseas. Only if required to do so by law or if necessary to protect our rights in legal proceedings.

2. Confidentiality and security

DEPA is committed to:

  • Safeguarding all personal information provided to DEPA;
  • Ensuring that personal information remains confidential and secure; and
  • Taking all reasonable steps to ensure that personal privacy is respected.

DEPA implemented the possible security measure to maintain physical, electronic and procedural safeguards to protect personal information from misuse, interference, unauthorized access, modification or disclosure, and loss or corruption by computer viruses and other sources of harm. Access to personal information is restricted to those employees, joint venture partners, subsidiary companies and third parties who need to know that information.

3. Privacy Offer Contact Details

By postThe Privacy Officer, Dubai Investment Park1,Jebel Ali Lehbab Rd, Depa Building No. 1, Dubai,United Arab Emirates

DEPA will respond to employee’s requests within thirty days’ time period.

4. Destruction and de-identification of personal information

Records management policies govern the archiving and destruction of records which include personal information. If unsolicited personal information is received, reasonable steps will be taken to destroy or de-identify that personal information.