NOORAI LIMITED Website Privacy Policy

Introduction

Welcome to NOORAI LIMITED's privacy policy. NOORAI LIMITED respects your privacy and is committed to protecting your personal data. This privacy policy informs you about how we handle your personal data when you visit our website and explains your privacy rights under the law.

---

1. Important Information and Who We Are

Purpose of This Privacy Policy

This policy outlines how NOORAI LIMITED collects and processes your personal data through your use of our website, including when you:

• Sign up for newsletters.
• Purchase products or services.
• Participate in competitions.

Note: This website is not intended for children, and we do not knowingly collect data from children.

Controller

NOORAI LIMITED is the controller responsible for this website. For questions about this policy, contact our Data Privacy Manager:

• Full Name of Legal Entity: NOORAI LIMITED
• Email Address: info@noorai.ai
• Postal Address: ADGM Square NOORAI Limited, Floor No. 11, Al Sarab Tower, ADGM Square, Al Mariyah Island, Abu Dhabi, United Arab Emirates

Complaints: You may lodge a complaint with a privacy supervisory authority in your jurisdiction. A list of EU authorities is available here.

Changes to the Policy

Last updated: 10 March 2025. Please inform us if your personal data changes during your relationship with us.

Third-Party Links

We are not responsible for the privacy practices of third-party websites linked on our site. Always review their privacy policies.

---

2. The Data We Collect About You

Personal data includes any information that can identify you. We collect:

| Category | Examples | | -------------------------- | ------------------------------------------------------------- | | Identity Data | Name, username, marital status, title, date of birth, gender. | | Contact Data | Address, email, phone number. | | Financial Data | Bank account, payment card details. | | Transaction Data | Payment history, product/service purchases. | | Technical Data | IP address, browser type, device information. | | Profile Data | Username, password, preferences, feedback. | | Usage Data | How you use our website/products. | | Marketing & Communications | Preferences for receiving marketing materials. |

Aggregated Data (e.g., statistical data) is not personal data unless combined with identifiable information.

Exclusions: We do not collect Special Categories of Personal Data (e.g., health, race) or criminal conviction data.

---

3. How We Collect Your Personal Data

• Direct Interactions: Forms, correspondence, account creation, surveys.
• Automated Technologies: Cookies, server logs (see Cookie Notice).
• Third Parties: Analytics providers (e.g., Google), payment services, public sources.

---

4. How We Use Your Personal Data

We process data based on:

• Contractual necessity.
• Legitimate interests (balanced against your rights).
• Legal compliance.

Lawful Basis Table

| Purpose/Activity | Data Types | Lawful Basis | | ------------------------------------ | ----------------------------------------- | ----------------------------------------------------------------- | | Registering as a new customer | Identity, Contact | Contract performance. | | Processing orders/payments | Identity, Contact, Financial, Transaction | Contract performance; Legitimate Interest (debt recovery). | | Managing customer relationships | Identity, Contact, Profile, Marketing | Contract; Legal obligation; Legitimate Interest (record-keeping). | | Administering competitions/surveys | Identity, Contact, Profile, Usage | Contract; Legitimate Interest (business growth). | | Website security/business operations | Identity, Contact, Technical | Legitimate Interest (fraud prevention); Legal obligation. | | Marketing/advertising | Identity, Contact, Profile, Usage | Legitimate Interest (business growth). | | Data analytics | Technical, Usage | Legitimate Interest (improving services). |

Marketing: Opt-out anytime by contacting us.
Cookies: Disabling cookies may limit website functionality.

---

5. Data Sharing

We may share data with:

• NOORAI LIMITED Group companies.
• Service providers/professional advisors.
• Third parties during business transfers (e.g., mergers).
• Authorities to comply with legal obligations.

All third parties must adhere to data protection laws.

---

6. International Transfers

Data may be transferred outside the EEA with safeguards:

• Adequacy decisions.
• Standard contractual clauses.
• Privacy Shield (for US transfers).

Contact us for details.

---

7. Data Security

We implement measures to protect your data but cannot guarantee internet transmission security. Report breaches to us immediately.

---

8. Data Retention

We retain data only as long as necessary:

• Legal requirement: 6 years for customer data (tax purposes).
• Deletion requests: See Section 9.

Anonymized data may be kept indefinitely for research.

---

9. Your Legal Rights

You may:

• Request access, correction, or erasure.
• Object to processing (e.g., direct marketing).
• Request data portability or restrict processing.
• Withdraw consent (where applicable).

Response time: Typically within one month. No fee unless excessive requests.

---

10. Glossary

• Legitimate Interest: Balancing business needs with your rights.
• Performance of Contract: Processing necessary for contractual obligations.
• Legal Obligation: Processing required by law.