Privacy policy

Last updated: 2025/03/13

DATA TOWER TRADE AND SERVICES LLC-FZ (DATA TOWER, Company, we, our, us) — a company registered in the United Arab Emirates respects and values your privacy and wants to make sure that you can enjoy it in safety.


This document represents our policy on processing and protection of personal data and is located at https://lampyre.io/privacy.


The purpose of this Privacy Policy is to provide you with information about how we may collect, use, or disclose your Personal Information in compliance with the national UAE data protection and privacy laws, including the Personal Data Protection Law (PDPL). It also contains important information about your rights over your Personal Information.


By using DATA TOWER's websites (lampyre.io and account.lampyre.io) or Platform, you expressly accept and consent that your information may be transferred to DATA TOWER's subcontractors, agents, or representatives who perform tasks related to the site and Platform. If your personal data is transferred outside the UAE, such transfers will be conducted in compliance with PDPL's adequacy standards or under contractual agreements ensuring equivalent data protection.


When you use our Platform or provide us with your personal data (including information that you may have shared with us through official communication channels), you agree to this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not provide us with personal data or use our Platform.


You should also be aware that we may make changes to our Privacy Policy in order to comply with changing legal requirements, so you should check back regularly for the most current version. However, if we make changes to this Privacy Policy that affect you directly, we will notify you of those changes. If you continue to access our website and use our services once these changes become effective, you acknowledge and agree that your personal data will be processed in accordance with the updated Privacy Policy.

How we will contact you

We will contact you via the email address you provide during feedback submission or User Account registration. We may also contact you via the Web Chat inside your user account.


We may also use other types of communication to respond to your requests. By default, we will respond to your requests where we receive your request. If you would like a different type of response, please let us know in the body of your request letter and we will try to meet your demand, if possible.


We will not send you marketing messages without your explicit Consent to Receive Promotional and Marketing Communications. However, we reserve the right to email you with administrative, technical, or other necessary messages related to the Platform and your activity. These may include notifications about:

  • changes to our services or products;

  • to remind you that you will soon be charged for the automatic renewal of your services or products;

  • security alerts; or

  • fraud detection and prevention activities related to your user account.


These messages are essential for the functionality of Lampyre products and services. While you cannot unsubscribe from these communications, you may contact us if you believe any message is excessive or unrelated.

Data controller

DATA TOWER TRADE AND SERVICES LLC-FZ

Short title: DATA TOWER


Our legal address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.

Company registration license: 2424752.01

E-mail: support@lampyre.io

Types of collected personal data

Within the context of this Privacy Policy, we use the terms set forth in PDPL. Thus, "personal data" means any information relating to an identified or identifiable natural person ("data subject"). In the case of B2B customers, the Privacy Policy does not apply to the legal entities themselves but applies to the personal data of individuals associated with these customers, such as contact persons, employees, representatives, or end users, which is processed in compliance with the UAE Personal Data Protection Law (PDPL).


"Processing" means any operation or set of operations performed on Personal Data using any electronic means, including processing and other means. This processing includes collecting, storing, recording, organizing, adapting, modifying, circulating, altering, retrieving, exchanging, sharing, using, characterizing, disclosing Personal Data by broadcasting, transmitting, distributing, making available, coordinating, merging, restricting, blocking, erasing or destroying it or creating forms thereof.


The personal data we collect includes individual information about you:

  • email address, IP address, ID, username, password; and

  • any additional information disclosed to our staff through official communication channels, or voluntarily disclosed in your feedback, reports, comments, or posts on our Platform.


We may also collect anonymized data that does not identify you as an individual. This includes:

  • device-related data (e.g., operating system type and version, device type such as personal computer, cell phone, or tablet);

  • browser type and version; and

  • other data transmitted by your browser depending on its settings.


Anonymized data that cannot be linked back to an individual is outside the scope of PDPL. However, if anonymized data is capable of re-identification, it will be treated as personal data under this Privacy Policy and regulated by PDPL.


We do not link anonymized data to other personal data unless you have registered on our website or logged into your Account. This is intended to provide additional protection for your Account against possible fraud.


We may also collect and process personal data from publicly available sources when necessary to better provide our services. Any data collected from such sources will be processed solely for legitimate purposes and in compliance with UAE PDPL.

Purposes and legal basis of personal data processing

The Company is guided by the principles of lawfulness, fairness, transparency, minimization of data processing, sufficiency, rationality, and expediency of personal data processing. Your data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes. We strive to keep your personal data accurate and, where necessary, up to date.


We ensure the lawfulness of personal data processing by relying on the following legal bases as outlined in Article 4 of the UAE PDPL:


1. Consent


Your explicit consent to the processing of personal data. Before granting consent, we will inform you of the purposes for processing and your right to withdraw consent at any time pursuant to Article 6 of the PDPL. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.


2. Performance of a Contract


The need to process personal data to perform a contract to which you are a party or to take steps at your request before entering into a contract.


3. Legitimate Interests


The need to process personal data for purposes arising from our legitimate interests or the legitimate interests of third parties, provided that these interests do not override your fundamental rights and freedoms as a data subject.


When processing under legitimate interests, the Company conducts a balancing test to ensure that:

  • the method or technology used is necessary for the legitimate interests of the Company;

  • data processing is proportionate to business needs and the purpose to be achieved;

  • data processing minimizes interference with your rights and focuses on specific risk areas;

  • the purpose of processing is necessary and cannot be achieved through less intrusive means;

  • the data subject's rights and freedoms are not overridden by our interests;

  • risk mitigation measures are in place to minimize any impact on data subjects.


Examples of legitimate interests include fraud prevention, network security, or improving our services.


4. Compliance with Legal Obligations


The need to process personal data to fulfill legal obligations, such as:

  • compliance with accounting and financial regulations;

  • meeting administrative or official requirements;

  • responding to official requests from regulatory or governmental authorities.


We retain your personal data only as long as necessary to fulfill the specified purposes or to comply with legal obligations under UAE law.


The purpose of processing depends directly on the actual data processing-related activity. We only collect and process your personal data for purposes that cannot be achieved by other means. The detailed purposes are listed below:



PurposeDataLegal basis
Identification of visitors to the website, gathering statistics and doing analysis IP addressconsent
Providing personalized services, facilitating the customization of advertisements on the basis of cookie usage interest information, habits, preferences (based on your browsing history) consent, legitimate interests
Creating user accounts for Customers and identifying Customers e-mail
address
password
company name
consent, performance of the agreement
Protection of the Customers' data, ensuring that no unauthorized person has access to the Customers' accounts password
temporary password
consent
Making sales to the Customers e-mail address
name
customer ID
billing address
date of the transaction
consent, performance of the agreement
To market, promote, and advertise our services e-mail address
name
customer ID
billing address
date of the transaction
purchase history
consent, legitimate interests
Billing name
billing address
date of the transaction
payment history: details of each previous (completed) purchase (date, time, purchased product, value of the purchase)
consent, performance of the agreement
Keeping track of and visualize the purchases within a personal customer account for the convenience of the Customers e-mail address
purchase history
payment history: details of each previous (completed) purchase (date, time, purchased product, value of the purchase)
consent
To solve issues with the payment services (e.g. Stripe, PayPal) customer ID
payment history: details of each previous (completed) purchase (date, time, purchased product, value of the purchase)
consent, legitimate interests
To process Customer applications via official channels e-mail address
name (of the individual or the contact person)
payment history
your data given regarding to the usage our software
consent, performance of the agreement
To prevent fraud against the customers' accountsdata provided by the customer earlierconsent, performance of the agreement
To prevent fraud against our services e-mail address
IP address
legitimate interests
Compliance with applicable laws or regulatory procedures (when processing is necessary to fulfill a legal obligation imposed on us or to fulfill a public interest task or to protect the vital interests of the data subject or another person) data provided by the customer earlierlegal obligation

Where personal data is transferred outside the UAE (e.g., for payment processing by Braintree or PayPal), we ensure compliance with UAE PDPL by implementing adequate safeguards, such as data processing agreements. For details on cross-border transfers, please refer to the privacy policies of the respective service providers.


Security Measures


We implement technical and organizational measures to ensure the security of your personal data, including encryption, access controls, and regular security assessments.


We encourage you to use an e-mail address that you have regular access to when registering, and to keep your data up to date and contribute to regularly updating and refreshing your User Account information. This will allow us to promptly and accurately address issues you may have while using our Platform.

Using cookies

Our website may collect cookies. Cookies are small files stored on your device that contain information about your recent activity and enable us to distinguish you from other users. We use the information we receive from cookies to enhance the safety, convenience, and functionality of our website, products, and services.


Cookies enable you to log in, make settings, purchases, and other actions related to your account. We use both temporary cookies (which last for only one session and are deleted when you close your browser) and persistent cookies (which remain on your device until they expire or are manually cleared).


Before using cookies for non-essential purposes, we will obtain your explicit consent in compliance with PDPL.


NameValidity periodCategoryPurpose
auth_token1 monthFunctionalImplements the user authentication function in the system
account_type1 monthCustomizing Implements the function of setting the interface display depending on the type of account
Google Analytics cookiesUp to 2 yearsAnalyticsHelps us analyze website usage and improve services

You can withdraw your consent for cookies at any time by changing your browser settings or using the cookie preferences panel on our website.


Third-Party Cookies


Cookies are not only created by our website but also by other websites that run ads, widgets, or analytics tools on our pages. For instance, we use Google Analytics to monitor website performance. Data collected via Google Analytics may be transferred to servers located outside the UAE, but such transfers comply with PDPL's cross-border data transfer requirements. To opt out of being tracked by Google Analytics on all websites, visit https://tools.google.com/dlpage/gaoptout.


Managing Cookies


You can manage or delete cookies at any time through your browser settings. If you choose to disable cookies, some features of our website may not function as intended. However, essential cookies will remain active to ensure core functionalities of our services. For more information about controlling and setting cookies, see your browser's help section or visit https://www.aboutcookies.org.

Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04E5W5, Ireland.


Google Analytics uses cookies to analyze website usage and provide us with information that helps optimize our website and improve your experience. Data collected by Google Analytics includes anonymized website usage statistics and may include information such as your IP address, browser type, and device information.


The information generated by Google Analytics cookies is typically transferred to Google servers located outside the UAE and stored there. All cross-border data transfers are conducted in compliance with the UAE PDPL, ensuring adequate protection through standard contractual clauses or other lawful mechanisms.


Google Analytics retains collected data for up to 26 months unless otherwise specified. You can learn more about how Google processes information by visiting Google's Privacy Policy. We use Google Analytics cookies only with your explicit consent. You have the right to opt out of Google Analytics tracking at any time. You can manage your cookie preferences on our website or use the Google Analytics Opt-Out Browser Add-on, available here.

Personal Data Storage Periods

We do not retain your personal data longer than is necessary for the purposes for which we process such personal data. Upon the expiration of the retention period, personal data will either be securely deleted using encrypted deletion methods or physically destroyed for paper-based records. For analytical or statistical purposes, personal data may be anonymized to remove all identifiers that can link the data to the individual. The Data Protection Officer (DPO) oversees these procedures to ensure compliance with PDPL requirements. The retention periods are determined based on the legal basis for processing, as outlined below:


Legal basisStorage period
Fulfillment of a legal obligation For a period specified by UAE laws, such as tax or AML regulations, which may mandate specific retention periods
Performance of a contract Until legal claims can be enforced in connection with the performed contract, typically up to five years following contract performance
Legitimate interests For as long as a legitimate interest exists, provided that a balancing test confirms this does not override the data subject's rights
Protection of vital interests For as long as necessary to protect the vital interests of the data subject or another person in exceptional cases
Data processing based on consent For the necessary period commensurate with the purpose of processing, but not beyond the withdrawal of consent, unless required for compliance with legal obligations, enforcement of legal claims, or other lawful bases under UAE law

Personal data will only be retained for as long as necessary to fulfill the purposes outlined above, comply with legal obligations, or resolve disputes. Specific retention periods are determined based on the type of data and applicable laws.


Retention Periods:

  • contractual data (e.g., name, address, transaction history): 5 years after the conclusion of the contract;

  • marketing data (e.g., email preferences, consent records): Until consent is withdrawn;

  • compliance data (e.g., for tax and AML purposes): Retained for the period specified by UAE laws (e.g., 5-10 years).;

  • security-related data (e.g., IP addresses for fraud prevention): Retained for 1 year unless otherwise required by law.


Where possible, personal data will be anonymized rather than deleted if retention is required for statistical or research purposes, in compliance with PDPL.


Upon expiration of the retention period, personal data will either be securely deleted using encrypted deletion methods or physically destroyed for paper-based records. For analytical purposes, data may be anonymized to remove all identifiers in compliance with PDPL.

Who else can access your personal data

All your payments made on our websites are processed by Braintree or PayPal, depending on your choice. All payment data (name, surname, address, email address, phone number, bank account number, bank identification number, bank card number, account amount, currency and transaction number) are sent directly to these systems and are not processed by DATA TOWER. We do not store your bank card information, but we do receive some payment information (including the first 6 and last 4 digits of your card, your name, and your email) as a result of the purchases you make. Braintree and PayPal give us access to this payment information. When making any purchase on our websites, you explicitly consent to Braintree or PayPal's processing of your personal data, depending on your choice. These processors operate internationally, and personal data may be transferred outside the UAE. DATA TOWER ensures that these transfers comply with the UAE Personal Data Protection Law (PDPL) through adequate safeguards, including legally binding agreements with Braintree and PayPal to protect your personal data. For more information, we recommend reviewing the privacy policies of these payment processors before making a financial transaction, available on their respective websites.


Managing all our B2B customers, including creating and administering all CORP accounts, is carried out by our official B2B distributor SNTT svetovanje nova tehnična trgovina d.o.o. (Registered seat: Spodnja Senica 20, 1215 Medvode) as a data processor. DATA TOWER transfers only the necessary personal data and account details of the B2B customers (e.g., contact names, job titles, email addresses, and transaction history) to SNTT for account management and marketing activities conducted on behalf of DATA TOWER. The transfer of this data is strictly limited to what is necessary for these purposes and complies with UAE PDPL requirements.


SNTT is obligated to process personal data in accordance with UAE PDPL and the principles set by DATA TOWER, including transparency, fairness, and purpose limitation. DATA TOWER ensures that personal data transferred to SNTT is protected by adequate safeguards, including data processing agreements that comply with UAE PDPL requirements. For more details on SNTT's processing of personal data, please refer to their Privacy Policy available at https://osntt.com/privacy-policy.


By registering a CORP account or purchasing the products and services of DATA TOWER, you explicitly consent to the processing of personal data associated with the CORP accounts by SNTT as our official B2B distributor. Individuals associated with B2B accounts (e.g., employees or representatives) are informed of their rights under UAE PDPL, including the right to access, correct, or delete their data, and may contact us directly to exercise these rights.


DATA TOWER ensures that personal data associated with Private accounts is not transferred to SNTT d.o.o. under any circumstances. Any cross-border transfers of personal data comply with UAE PDPL, ensuring that data is protected at all times and handled lawfully, fairly, and transparently.


For any inquiries about your data or to exercise your rights under UAE PDPL, please contact us at privacy@lampyre.io.


DATA TOWER will never disclose your personal data to third parties unless required to fulfill contractual obligations to you, for organizational purposes, or as a legal or regulatory requirement. The instances of such transfers are specified below:


1. Sharing with Employees and Affiliates


We may share your personal data with our employees and affiliates to achieve the purposes for which you have provided us with your personal data.


2. Engaging Service Providers


To fulfill our contractual obligations and deliver services, we delegate some functions to external specialists, such as payment processors, or legal consultants. These service providers process your personal data only to the necessary extent and under strict confidentiality agreements in compliance with UAE PDPL.


3. Mergers and Acquisitions


In the event of a merger, acquisition, asset sale, or similar organizational change, we may share your personal data with the acquiring entity or other relevant parties involved in the transaction.


4. Legal and Regulatory Requirements


We may disclose your personal data when required to comply with UAE laws, regulations, or lawful requests from regulatory authorities.


5. Cross-Border Transfers

If your personal data is transferred outside the UAE, we ensure that the receiving entity provides an adequate level of data protection or that appropriate safeguards, such as standard contractual clauses, are in place to comply with UAE PDPL.


Consent for Data Sharing


We will obtain your explicit consent before sharing your personal data unless such sharing is required by law, necessary to fulfill a contract, or covered under other lawful bases as per UAE PDPL.


We collect your explicit consent through active measures, such as opt-in checkboxes for each specific purpose. Consent is not assumed from silence, pre-ticked boxes, or inactivity. You can withdraw your consent at any time through your account settings or by contacting us at privacy@lampyre.io. Specific consent is required for:

  • use of cookies for non-essential purposes;

  • cross-border data transfers;

  • processing of personal data for marketing purposes.

Cross-border data transmission

We only process your personal data within the organizational system of our company. We do not transfer your personal data to third parties located outside the European Union to provide services on your behalf in accordance with our agreement.


We primarily process your personal data within the organizational system of our company and within the UAE. However, in certain cases, we may transfer your personal data to third parties located outside the UAE to fulfill contractual obligations, comply with legal requirements, or protect the legitimate interests of the Company or third parties.


Any cross-border data transfer will be conducted strictly in compliance with UAE PDPL and relevant legislation.


To ensure compliance with UAE PDPL, we use the following safeguards for transferring personal data outside the UAE:

  • standard contractual clauses approved under UAE law;

  • agreements ensuring that the receiving party adheres to data protection standards equivalent to UAE PDPL;

  • transfers to jurisdictions recognized by UAE PDPL as having an adequate level of protection.


By providing your personal data, you agree to these safeguards.


Before transferring your personal data outside the UAE, we ensure:

  • the recipient jurisdiction provides an adequate level of protection in line with UAE PDPL requirements;

  • appropriate safeguards, such as contractual clauses approved under UAE law, are in place;

  • your explicit consent has been obtained, unless the transfer is necessary to fulfill a legal obligation, protect vital interests, or perform a contract to which you are a party.


We may transfer your personal data in the following cases:

  • to comply with legal obligations or respond to lawful requests from authorities;

  • to prevent or stop illegal activities and protect the legitimate interests of the Company or third parties.


We take all necessary steps to ensure that your personal data is processed with appropriate security measures, including encryption, secure storage, and compliance with approved legal mechanisms. If you have concerns regarding cross-border transfers, please contact us at privacy@lampyre.io.

Your rights

If you are an individual who uses our software products, websites, and services and provides your personal data to DATA TOWER, you have the following rights under the UAE PDPL:

1. Right to Receive Information

Under Article 13 of PDPL, you are entitled to receive confirmation from us as to whether your personal data is being processed. If processing is in progress, you are entitled to access the following information:

  • the purpose of processing your data;

  • the categories of personal data processed;

  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;

  • where applicable, the intended period for which the personal data will be stored or the criteria used to determine this period;

  • your rights to request rectification, erasure, or restriction of personal data and to object to processing;

  • the right to lodge a complaint with the UAE Data Office;

  • if the data was not collected directly from you, information about its source;

  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and consequences for you.


Your right to receive information includes:

  • personal data concerning you, as defined under Article 14 of PDPL;

  • where applicable, data that can be clearly linked to you.


Provision of Copies


We will provide a copy of your personal data if:

  • you request confirmation of our processing activities;

  • your personal data is being processed;

  • you specifically request a copy of your personal data. Please note that we may charge a reasonable fee for repeated requests or requests that are excessive, as permitted under PDPL.


Timelines for requests to receive information


We will respond to your request within 30 days of receiving it, as mandated by PDPL. In cases of complexity, we may extend this timeline by an additional 30 days, and we will notify you of the reason for the delay.


Restrictions on requests to receive information


In certain cases, we may deny or restrict access to your personal data if required by law, national security, or overriding legal interests. If such a restriction applies, we will inform you of the reason for the denial unless prohibited by law.

2. Right to Request Transfer of Personal Data

If we process your personal data by automated means, you have the right, under Article 14 of the UAE PDPL, to request a copy of your data in a structured, commonly used, and machine-readable format. You may also request that your personal data be transferred to another data controller of your choice, provided this does not interfere with the rights and freedoms of others.


Your right to data portability:

  • covers personal data concerning you;

  • includes pseudonymous data that can be clearly linked to you.

3. Right to rectification

Under Article 15 of the UAE PDPL, you have the right to request that DATA TOWER correct your personal data if you believe it is inaccurate or incomplete. This includes the right to request additional information to ensure your personal data is complete and reliable.


Your right to correct inaccurate data:

  • applies to personal data concerning you as defined in Article 15 of the PDPL.


When We Will Correct or Supplement Your Data


We will correct or supplement your personal data under the following conditions:

  • we process your personal data;

  • the personal data concerned is inaccurate or incomplete;

  • you submit a request for correction or supplementation.


Notification to Recipients

If your personal data is shared with third parties, we will notify those recipients of any corrections made, unless this proves impossible or requires disproportionate effort. Upon request, we will inform you of the recipients of your corrected personal data.


Timeframe for Processing Requests


We will respond to your rectification request within 30 days of receipt. If your request is complex or requires additional time, we may extend this period by an additional 30 days, and we will notify you of the reason for the delay.


Conditions for Denial


We may deny your rectification request if:

  • fulfilling it would conflict with legal obligations or overriding legitimate interests;

  • the request is unfounded or excessive.


If we deny your request, we will notify you of the reasons for the denial, unless prohibited by law.

4. Right to erasure

Under Article 15 of the UAE PDPL, you have the right to request the deletion or de-identification of your personal data. We are committed to ensuring that your data is deleted or anonymized when it is no longer required for processing.


We will delete your personal data without undue delay if:

  • we process your personal data;

  • you request deletion of your personal data; and

  • at least one of the following conditions is met:

    • the personal data is no longer necessary for the purposes for which it was collected, and you do not request a restriction on data processing instead of deletion;

    • the processing is based on your consent, and you withdraw this consent, with no other legal basis for continued processing;

    • you object to the processing of your personal data based on Article 21 of PDPL, and there are no overriding legitimate grounds for processing;

    • the personal data has been processed unlawfully (i.e., without a valid legal basis);

    • deletion is required to fulfill a legal obligation applicable to the Company (Article 4(10) PDPL).


Exemptions


We may deny your request for deletion if:

  • the processing is necessary for the submission, validation, or defense of legal claims;

  • if the request contradicts other legislations to which the Controller is subject;

  • the data is required for public interest archiving, scientific or historical research, or statistical purposes, provided adequate safeguards are in place.


Notification to Recipients


If your personal data has been shared with third parties, we will notify them of the deletion unless this is impossible or involves disproportionate effort. Upon your request, we will provide a list of recipients who were informed of the deletion.


Timelines for Processing Requests


We will process your deletion request within 30 days of receipt. If your request is complex or requires additional time, we may extend this period by an additional 30 days, and we will notify you of the reasons for the delay.


Denial of Requests


If your request for deletion is denied, we will inform you of the reasons for the denial, unless prohibited by law.


De-identification


In cases where full deletion is not feasible, we will de-identify your personal data. This means the data will be anonymized in a way that ensures it cannot be linked back to you as an identifiable individual.

5. Right to Restrict Processing

Under Article 16 of the UAE PDPL, you have the right to request the restriction of processing your personal data. Restricting the processing of your personal data does not mean deleting it. Restriction is intended to suspend further processing and ensure that the data remains unchanged until the purposes of the restriction have been fulfilled.


We may implement tools to restrict your personal data, such as transferring selected data to another system to make it inaccessible to users or temporarily removing the data from public visibility on our website.


You may request a restriction on the processing of your personal data if any of the following conditions apply:

  • you dispute the accuracy of your personal data: in this case, the restriction applies for the period necessary to verify the accuracy of the data;

  • the processing is unlawful, but you object to the deletion of the data and request a restriction on its use instead;

  • we no longer need the personal data for processing, but you require it for the establishment, exercise, or defense of legal claims.

Your right to restriction:

  • applies to personal data concerning you, as defined in Article 16 of the PDPL;

  • includes pseudonymous data that can be clearly linked to you.


Our obligations during a restriction


During the period of restriction, we are only permitted to:

  • store your personal data;

  • process it with your explicit consent;

  • process it to establish, exercise, or defend legal claims, or to protect the rights of another person.


Notifications:

  • if your personal data has been shared with third parties, we will notify them of the restriction unless it is impossible or requires disproportionate effort;

  • process such personal data with your consent;

  • upon your request, we will provide you with a list of notified recipients;

  • if we decide to lift the restriction, we will inform you in advance.

6. Right to Stop Processing

You have the right to object to the processing of your personal data and stop it in any of the following cases:

  • if the processing is intended for the purposes of direct marketing, including profiling related to direct marketing;

  • if the processing is intended for the purposes of conducting statistical surveys, unless the processing is necessary to serve the public interest;

  • if the processing is carried out in violation of Article 5 of the PDPL.


To exercise this right, you may contact us at privacy@lampyre.io. Please specify the grounds for your objection and any relevant details to support your request.

7. Right to Processing and Automated Processing

In accordance with Article 18 of the UAE PDPL, you, as a Data Subject, have the right to object to decisions made solely through automated processing, including profiling, especially when such decisions have a legal impact on you or adversely affect your interests.


Your right to object:

  • you may object to any decision resulting from automated processing if you believe that such decisions negatively affect you. This includes, but is not limited to, decisions based solely on automated profiling.


Exceptions to the Right to Object:


Please note that you cannot object to automated processing decisions in the following circumstances:

  • if the automated processing has been agreed upon under the contract between you and the Controller;

    if the automated processing is required by other applicable laws in the State;

    if you have provided your prior consent to such automated processing, as detailed in Article 6 of the PDPL.


Protection of Your Data


The Controller is obligated to implement appropriate measures to ensure the privacy and confidentiality of your personal data in all cases of automated processing, including those instances mentioned above. These measures are in place to protect your rights and prevent any prejudice.


Human Oversight


You have the right to request human intervention in any automated decision-making process. At your request, the Controller will include a human element to review the decision and ensure that it is fair and appropriate.

Sending requests

To exercise your rights as a data subject under the UAE PDPL, you may submit a request by contacting us via the email address specified in the Contact Details section of this Privacy Policy. Alternatively, you can exercise your rights by accessing the active links provided in your Account.


The individuals affected by the management of CORP accounts have all the rights written in the previous chapter of DATA TOWER's privacy policy and applicable data protection laws. Requests related to data management by SNTT will be directed to DATA TOWER, who will coordinate with SNTT to address the request promptly.


Response Timeline


We will respond to your request within a reasonable timeframe from the date of its receipt. In cases where the request is complex or involves multiple data points, we may extend this period to a longer timeframe. If an extension is necessary, we will notify you within the initial 30-day period.


Fees for Requests


The information you request is generally provided free of charge. However, in accordance with Article 13(3) of the PDPL, we may decline your request or charge a reasonable fee in the following cases:

  • if you request additional copies of information that we have already provided;

  • if your request is clearly excessive or unreasonable, including due to its repetitive nature.


Any fees charged will be proportionate and based on the administrative costs incurred to fulfill your request.


Reject of Requests


DATA TOWER may reject the data subject's request to obtain the information mentioned in Article 13 (1), if the following is established:

  • the request is not related to the information referred to in Article 13 (1), or it is excessively repetitive;

  • the request conflicts with judicial procedures or investigations conducted by competent authorities;

  • the request may negatively affect the efforts of the Controller to protect information security;

  • the request affects the privacy and confidentiality of Personal Data of third parties.

Safety and our responsibility

We store personal data that we receive from you on our own or rented technical devices and on properly protected media. We are committed to implementing appropriate technical and organizational security measures, consistent with industry standards and Article 20 of the UAE PDPL, to protect your personal data from unauthorized or accidental disclosure, access, misuse, loss, or alteration.


In some cases, if we have reasonable doubt regarding the identity of the person making a request for access, correction, or deletion, we may require additional information to verify their identity. This measure ensures that your personal data is shared only with authorized individuals and is protected from unauthorized access.


Please note that this Privacy Policy applies solely to websites, software products, and services developed, operated, or controlled by the Company. Our products may contain hyperlinks and banners that redirect you to third-party websites. If personal data is shared with such third parties as part of our services, we ensure that these third parties comply with UAE PDPL standards. However, the Company is not responsible for the privacy practices or content of such websites or resources. We encourage you to review the Privacy Policy and Terms of Service of each website you visit.


Any data you post in Reports and Comments within the Lampyre platform is visible to third parties. If you provide us with personal data about other individuals, you must obtain their explicit consent. The Company is not responsible for the disclosure of personal data belonging to third parties as part of user-generated content.


We remind you to exercise caution when posting your personal data in the public domain, including the Company's resources. The Company disclaims responsibility for any disclosure of personal data resulting from your actions.


In the unlikely event of a data breach caused by circumstances beyond our control, we will notify you and the UAE Data Office promptly as required under Article 9 of the PDPL. We will provide all available information regarding the breach and take appropriate steps to mitigate its impact.

Limitations

Our software products, websites, and services are intended only for individuals aged 18 years or older. During account registration, we require users to confirm their age. If you are under the age of 18, you must obtain the explicit consent of a legal guardian before providing us with your personal data or using our websites, software products, or services. If we discover that a user under 18 has provided personal data without guardian consent, we will delete this data immediately upon notification.


Please note that any individual who transmits personal data about another person without a valid legal basis, as defined under Article 4 of the UAE PDPL, will be held liable in accordance with applicable laws. The Company reserves the right to take appropriate action in such cases, including notifying the relevant authorities if necessary.

Consent to processing of personal data

Your consent to the provision of personal data to the Company and its processing by the Company remains valid until the Company terminates its activities or until you withdraw your consent, as provided under Article 6(2) and Article 8 of the UAE PDPL.


By consenting to the processing of your personal data, you acknowledge the following:

  • you act voluntarily and consciously in providing your consent;

  • you are aware that the Company processes personal data in accordance with the PDPL;

  • the personal data you provide belongs to you personally, and you are authorized to share it with the Company;

  • you have carefully read and fully understood this Privacy Policy, including the purposes and terms of processing your personal data;

  • you are aware of the identity of the data controller (the Company) and the specific purposes for which your personal data is being processed;

  • you understand your rights under the PDPL, including the right to withdraw consent, request rectification or erasure of your data, and object to processing, among others;

  • you acknowledge and confirm that you understand all the terms of this Privacy Policy and the processing of your personal data as outlined within it;

  • you agree to the terms of processing your personal data as described in this Privacy Policy, without any reservations or limitations.

Withdrawal of consent to processing of personal data

You have the right to withdraw your consent to the processing of your personal data at any time. You can do this by:

  • writing to us at the email address listed in the Contact Details section of this Privacy Policy;

  • using the Account Settings section of your User Account to delete your Account.


Withdrawal of consent is a simple and accessible process that we ensure complies with the UAE PDPL.


Please note:

  • withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

  • withdrawing your consent or deleting your Account does not result in the automatic removal of any reports, comments, or other user-generated content you have posted while using our Platform. Such content will remain on the site unless:

    • you submit a reasonable request for its removal; or

    • we delete the content as part of routine site management or in response to specific circumstances; or

    • the site ceases to exist.


De-Identification of Personal Data


If your personal data is no longer required for processing, we will delete or de-identify it. De-identification is performed using methods that ensure compliance with the PDPL and prevent any possibility of re-identification. This ensures the continued protection of your data while fulfilling our obligations under UAE law. De-identification involves removing any identifiable elements from the data to ensure it cannot be linked back to you. For example:

  • digital data is deleted using encryption-based methods;

  • physical records are shredded or otherwise destroyed securely;

  • for statistical purposes, anonymized data is retained in compliance with PDPL.

Final Provisions

This Privacy Policy is governed by the laws of the United Arab Emirates, including the UAE PDPL. All PDPL regulations have been considered and complied with during the drafting of this Privacy Policy and the creation of our personal data management procedures.


If you have any questions about this Privacy Policy or concerns regarding how we manage your personal data, please contact us at the email address provided in the Contact Details section of this Privacy Policy


If you believe that our procedures for managing your personal data violate the UAE PDPL, you have the right to file a complaint with the UAE Data. Contact details for the UAE Data Office via Government Portal: https://u.ae


Alternatively, you may also pursue your right to a judicial remedy in accordance with UAE laws through the appropriate UAE courts.

Applicable law

This Privacy Policy and any dispute that may arise between you and DATA TOWER, is governed by the laws of United Arab Emirates, regardless of your location.

Contact details

Website:

https://lampyre.io


Email:

support@lampyre.io


Mail address:

Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.


Other contact details:

https://lampyre.io/contact-us