Privacy Policy

PrimeComply Ltd.
Last Updated: January 3, 2026

Overview

This Privacy Policy explains how PrimeComply collects, uses, and protects your personal information when you visit our website. We are committed to safeguarding your privacy and being transparent about our data practices.

1. Who We Are

1.1 Data Controller

PrimeComply Ltd. is the data controller responsible for your personal data collected through this website.

PrimeComply Ltd.
[INSERT REGISTERED ADDRESS]
Dubai International Financial Centre
United Arab Emirates

Email: legal@primecomply.io

1.2 Scope of This Policy

This Privacy Policy applies to personal data collected through:

Our website at primecomply.io
Contact forms and demo request forms
Newsletter subscriptions
Analytics and cookies

This Privacy Policy does not apply to:

The PrimeComply platform or software products (governed by separate agreements)
Third-party websites linked from our website
Information collected offline or through other channels

1.3 Data Protection Officer

For data protection inquiries, please contact:

Email: legal@primecomply.io
Subject Line: Data Protection Inquiry

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

Activity	Information Collected
Contact forms	Name, email address, company name, job title, message content
Demo requests	Name, email address, company name, job title, phone number (optional), company size, industry
Newsletter signup	Email address, name (optional)
Event registration	Name, email address, company name, job title

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

Device and Browser Information

IP address (anonymised where possible)
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution

Usage Information

Pages visited and time spent on each page
Referring website or source
Click patterns and navigation paths
Date and time of visits

Location Information

Country and city (derived from IP address)
Time zone

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and store information. For detailed information about the cookies we use, please see our Cookie Policy.

Categories of Cookies:

Category	Purpose	Examples
Essential	Required for website functionality	Session management, security
Analytics	Help us understand how visitors use the website	PostHog

3. How We Use Your Information

3.1 Legal Bases for Processing

We process your personal data based on the following legal grounds:

Purpose	Legal Basis
Responding to your inquiries	Legitimate interest; performance of pre-contractual steps
Sending requested information	Performance of contract; consent
Newsletter communications	Consent
Website analytics	Legitimate interest
Security and fraud prevention	Legitimate interest; legal obligation
Legal compliance	Legal obligation

3.2 Specific Purposes

To Communicate With You

Respond to contact form submissions and demo requests
Provide information about our products and services
Send newsletters and updates (with your consent)
Notify you about changes to our services or policies

To Improve Our Website

Analyse website usage patterns and trends
Identify and fix technical issues
Optimise user experience and content
Conduct A/B testing and research

To Protect Our Business

Detect and prevent fraud, abuse, or security incidents
Enforce our Terms of Use
Comply with legal obligations
Protect our rights and the rights of others

3.3 Marketing Communications

We will only send you marketing communications if you have:

Opted in via our newsletter signup, or
Requested a demo or contacted us about our services and have not opted out

You can unsubscribe from marketing communications at any time by:

Clicking the “unsubscribe” link in any email
Emailing us at legal@primecomply.io
Updating your preferences (where available)

4. Third-Party Services

4.1 Data Processing Agreements

We have entered into data processing agreements with our service providers that require them to:

Process data only on our documented instructions
Ensure confidentiality of personal data
Implement appropriate security measures
Assist with data subject rights requests
Delete or return data upon termination

4.2 Third-Party Links

Our website contains links to third-party websites, including social media platforms and regulatory body websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

We may share your personal data in the following circumstances:

With Service Providers We share data with trusted service providers who assist us in operating our website, as described in Section 4.

For Legal Reasons We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., courts, regulators, law enforcement).

Business Transfers If PrimeComply is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

With Your Consent We may share your data for other purposes with your explicit consent.

We do not:

Sell your personal data to third parties
Share your data with third parties for their own marketing purposes
Provide your data to data brokers

6. International Data Transfers

6.1 Where Data is Processed

Your personal data may be transferred to and processed in countries outside your country of residence, including:

United Arab Emirates (our primary location)
United States (some service providers)
European Union (some service providers)

6.2 Safeguards for International Transfers

When we transfer personal data internationally, we ensure appropriate safeguards are in place:

For transfers from the EU/UK:

Standard Contractual Clauses (SCCs) approved by the European Commission
UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs
Adequacy decisions where applicable

For transfers from the UAE:

Compliance with UAE Federal Decree-Law No. 45 of 2021 (PDPL)
DIFC Data Protection Law requirements (where applicable)

6.3 Data Localisation

Where legally required or where you request it, we can discuss options for data localisation. Please contact us at legal@primecomply.io.

7. Data Retention

7.1 Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period	Rationale
Contact form submissions	2 years from last contact	Business relationship management
Demo request information	2 years from last contact	Sales follow-up and relationship management
Newsletter subscriptions	Until unsubscribe + 30 days	Service delivery and record-keeping
Analytics data	26 months	Trend analysis and website improvement
Error logs	90 days	Technical troubleshooting
Legal/compliance records	7 years	Legal obligations

7.2 Deletion and Anonymisation

When retention periods expire, we will:

Securely delete personal data, or
Anonymise data so it can no longer identify you (for statistical purposes)

8. Data Security

8.1 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

Technical Measures

Encryption of data in transit (TLS/HTTPS)
Encryption of data at rest
Regular security assessments and penetration testing
Access controls and authentication
Monitoring and logging

Organisational Measures

Employee training on data protection
Data protection policies and procedures
Vendor security assessments
Incident response procedures

8.2 Security Incidents

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify relevant supervisory authorities within required timeframes
Notify affected individuals where required by law
Take immediate steps to contain and remediate the breach
Document the breach and our response

8.3 Your Responsibilities

While we take security seriously, you also play a role in protecting your information. Please do not share sensitive personal information through unsecured channels.

9. Your Rights

9.1 Rights Available to All Users

Depending on your location, you may have the following rights regarding your personal data:

Right	Description
Access	Request a copy of the personal data we hold about you
Rectification	Request correction of inaccurate or incomplete data
Erasure	Request deletion of your personal data (“right to be forgotten”)
Restriction	Request that we limit how we use your data
Portability	Request your data in a structured, machine-readable format
Objection	Object to processing based on legitimate interests or for direct marketing
Withdraw Consent	Withdraw consent at any time (where processing is based on consent)
Complaint	Lodge a complaint with a supervisory authority

9.2 How to Exercise Your Rights

To exercise any of these rights, please contact us:

Email: legal@primecomply.io
Subject Line: Data Subject Request - [Right Being Exercised]

Please provide:

Your name and email address (for identification)
The specific right you wish to exercise
Any relevant details to help us locate your data

We will respond to your request within:

30 days (GDPR/UK GDPR)
45 days (CCPA/CPRA)
30 days (UAE PDPL)

If we need more time, we will inform you of the extension and reasons.

9.3 Verification

To protect your privacy, we may need to verify your identity before processing your request. We will not charge a fee for most requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Region-Specific Provisions

10.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, the following additional provisions apply:

Legal Basis for Processing We process your personal data based on the legal grounds described in Section 3.1. Where we rely on legitimate interests, we have conducted balancing tests to ensure your rights are protected.

Supervisory Authorities You have the right to lodge a complaint with your local data protection authority:

UK: Information Commissioner’s Office (ICO) - ico.org.uk
EU: Your local Data Protection Authority - List of EU DPAs

Automated Decision-Making We do not use automated decision-making or profiling that produces legal or similarly significant effects on the website.

10.2 United States

If you are located in the United States, the following additional provisions apply:

California Residents (CCPA/CPRA)

Categories of Personal Information Collected:

Identifiers (name, email, IP address)
Commercial information (inquiries about our services)
Internet activity (browsing history, interactions with our website)
Professional information (job title, company)

Your California Rights:

Right to know what personal information we collect, use, and disclose
Right to delete personal information
Right to correct inaccurate personal information
Right to opt out of “sales” or “sharing” of personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising your rights

We Do Not “Sell” or “Share” Personal Information As defined under CCPA/CPRA, we do not sell your personal information to third parties, nor do we share it for cross-context behavioural advertising.

Authorised Agent: You may designate an authorised agent to make requests on your behalf. We may require verification of the agent’s authority.

Virginia, Colorado, Connecticut, and Other State Residents

Residents of states with comprehensive privacy laws have similar rights to those described above. Please contact us to exercise your rights.

10.3 United Arab Emirates

If you are located in the UAE, the following additional provisions apply:

UAE Personal Data Protection Law (PDPL) We process your personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and its implementing regulations.

DIFC Data Protection Law As a DIFC-incorporated entity, we also comply with DIFC Law No. 5 of 2020 (Data Protection Law) for data processing activities within the DIFC.

Your Rights Under UAE Law:

Right to access your personal data
Right to request correction of inaccurate data
Right to request deletion or destruction of data
Right to withdraw consent
Right to object to processing
Right to lodge a complaint with the UAE Data Office

10.4 Other Jurisdictions (GCC)

For residents of Saudi Arabia, Qatar, Bahrain, and other GCC countries, we comply with applicable local data protection requirements. If you have questions about how local laws apply to your data, please contact us.

11. Children’s Privacy

Our website is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at legal@primecomply.io.

If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top of this page indicates when the policy was last revised.

12.2 Notification of Changes

For significant changes, we will provide prominent notice, such as:

A banner on our website
An email to subscribers (where we have your contact information)
Updated “Last Updated” date

12.3 Continued Use

Your continued use of the website after any changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: