Effective Date: April 29, 2025
Issued by: Epiidosis Global Finance LLC-FZ
Jurisdiction: Meydan Free Zone Authority, Dubai, United Arab Emirates

1. Introduction

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “us”, or “our”) is committed to protecting the privacy and personal information of all individuals who interact with our official website at epiidosisglobalfin.com (“Website”). This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal and business information in accordance with applicable UAE laws, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, international regulations such as the General Data Protection Regulation (GDPR), and other globally recognized privacy principles.

This policy applies to all visitors, users, clients, and partners who access or use the Website and its features, including any form submissions, tools, or third-party integrations.

2. Information We Collect

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “us”) is committed to transparency and legal compliance in all matters of data collection. We collect and process both Personally Identifiable Information (PII) and Non-Personally Identifiable Information (Non-PII) through various channels on our Website, either directly when you choose to provide it or indirectly through your interaction with our digital infrastructure.

This information is collected to enable us to assess service relevance, comply with legal obligations, respond to legitimate inquiries, and enhance your overall experience on the Website. We do not collect any personal data unless we have a valid legal basis to do so, as required under UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and, where applicable, the General Data Protection Regulation (GDPR).

2.1 Information You Provide Voluntarily

You may provide personal and business information by submitting contact forms, project proposals, service inquiries, subscribing to communications, downloading resources, or interacting with certain features on the Website. This may include, but is not limited to:

• Full Name: To identify the individual submitting an inquiry or request
  
• Email Address: For communication and response purposes
  
• Mobile Phone Number: For urgent follow-ups, verification, or WhatsApp-based contact (with explicit consent)
  
• Country of Residence or Operation: To assess jurisdictional compliance and service eligibility
  
• Company Name, Role, or Affiliation: To understand the business or institutional context of the inquiry
  
• Industry and Service Interests: To tailor our response and refer to appropriate internal or external specialists
  
• Project or Business Details: Including descriptions of investment objectives, compliance needs, or operational goals, typically submitted via web forms, secure message fields, or uploads
  

We strongly advise against submitting sensitive personal data (e.g., financial account numbers, government-issued ID copies, tax identification numbers) through public web forms. Any such information should only be transmitted upon formal engagement and through encrypted channels upon our explicit instruction.

2.2 Information We Collect Automatically

When you access or interact with our Website, we may collect information automatically using a combination of cookies, log files, analytic tools, pixel tags, and server technologies. These technologies help us understand your browsing behavior, diagnose technical issues, and enhance platform security. Information collected includes:

• IP Address: Used to identify geographic access points, monitor abuse, and prevent malicious activity
  
• Browser Type and Version: Collected to optimize Website compatibility and performance
  
• Operating System (OS): Enables responsive rendering and detection of unsupported systems
  
• Device Type and Identifiers: Helps distinguish between mobile, tablet, desktop, or other access mediums; may include device fingerprinting for fraud detection
  
• Date and Time of Visit: For log audits, analytics, and technical troubleshooting
  
• Pages Visited and Time Spent: Tracks user engagement metrics, heat maps, and navigation behavior to improve content relevancy
  
• Referral Source or Campaign: Identifies how the user arrived at the site, whether from search engines, direct traffic, email links, or paid advertisements
  

This data is typically aggregated and anonymized, unless linked to a submitted form or user interaction requiring individualized analysis. In such cases, we process the combined data for legitimate interests such as service refinement, user experience improvement, security monitoring, and performance measurement.

Users may opt out of certain types of automatic data collection by adjusting their browser settings or using cookie consent banners, where applicable. However, some Website features may become partially or fully unavailable when cookies or analytics are disabled.

3. Legal Basis for Processing Personal Data

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “our”) processes personal and business-related data in full compliance with applicable laws and regulations, including but not limited to Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE), the General Data Protection Regulation (GDPR) (where applicable), and international standards of lawful data handling.

Our legal bases for processing personal data are as follows:

3.1. Consent

We may process your personal data when you have freely, specifically, and unambiguously provided informed consent to do so. This is generally obtained through clear affirmative actions, such as:

• Submitting a contact or inquiry form
  
• Opting in to receive updates or reports
  
• Engaging with tools or features requiring personal information
  

Such consent may cover the use of data for preliminary assessment, onboarding consideration, eligibility screening, or personalized communication. You may withdraw consent at any time by contacting us directly, without affecting the legality of prior processing.

3.2. Pre-contractual Engagement and Due Diligence

We may process your data where it is necessary to take steps at your request prior to entering into a contract. This includes:

• Assessing your service or investment eligibility
  
• Matching your business profile with licensed partners
  
• Performing conflict checks and KYC suitability reviews
  
• Preparing non-binding project or proposal assessments
  

This processing enables us to determine the feasibility of a formal engagement and uphold regulatory obligations tied to pre-contractual transparency and fairness.

3.3. Compliance with Legal and Regulatory Obligations

We may process your information where doing so is necessary to fulfill obligations under applicable UAE laws and Free Zone regulations, including:

• Anti-money laundering (AML) and counter-terrorism financing (CTF) rules
  
• Corporate recordkeeping requirements under UAE commercial code
  
• Data breach notification, cybersecurity directives, and sectoral compliance
  
• Disclosures to regulators, courts, or law enforcement upon lawful request
  

Such processing is mandatory and non-optional where required by national legal frameworks or binding decisions by competent authorities.

3.4. Legitimate Business Interests

We may process your data to pursue legitimate interests of our organization, provided such processing does not override your rights or freedoms. These interests include but are not limited to:

• Responding to general inquiries and assessing client profiles
  
• Enhancing our service offerings, content quality, or digital security
  
• Monitoring Website performance and detecting potential misuse
  
• Facilitating internal audits, business analytics, or strategy refinement
  
• Ensuring the security, availability, and lawful operation of our systems
  

Wherever we rely on legitimate interests, we ensure that a balanced test is conducted to evaluate the necessity and proportionality of such use.

By interacting with this Website, you acknowledge and accept that your data may be processed under one or more of the lawful bases outlined above, with full adherence to applicable data protection laws, transparency principles, and user rights safeguards.

4. How We Use Your Information

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “us”, or “our”) collects and processes personal and business information through epiidosisglobalfin.com strictly for lawful and legitimate business purposes. These purposes align with our licensed activities under the Meydan Free Zone Authority and applicable data protection laws, including UAE Federal Decree-Law No. 45 of 2021 and global standards such as the EU General Data Protection Regulation (GDPR).

Information collected from Website users—whether submitted voluntarily via forms, captured through interactive tools, or generated automatically through cookies and analytics—may be processed and utilized in the following ways:

4.1 To Initiate and Maintain Communication

• To contact users in response to submitted inquiries, expressions of interest, form entries, or follow-up requests.
  
• To provide service updates, clarify data submissions, offer consultation scheduling, or respond to feedback using the preferred communication channel (email, phone, WhatsApp, or other).
  

4.2 To Assess Service Eligibility and Jurisdictional Suitability

• To perform internal checks regarding geographic restrictions, regulatory compatibility, and compliance conditions based on the user’s location, status, or sector.
  
• To match submitted interests with services permitted under our business license and UAE laws.
  

4.3 To Conduct Preliminary Review of Business or Project Submissions

• To evaluate, summarize, or internally discuss submitted business proposals, project outlines, or funding requests.
  
• To prepare non-binding eligibility assessments for internal use or for onward sharing with qualified experts under confidentiality safeguards.
  

4.4 To Facilitate Analytics, Risk Profiling, and Service Optimization

• To conduct aggregated, anonymized assessments of Website traffic, user behaviors, and form completion patterns.
  
• To analyze user demographics and intent trends in order to refine service offerings, identify areas of interest, or adapt outreach methods.
  

4.5 To Improve Website Performance and User Experience

• To troubleshoot technical issues, enhance load speeds, refine navigation structures, and test usability features based on user interaction data.
  
• To personalize certain experiences or maintain persistent preferences across sessions using cookies or local storage.
  

4.6 To Coordinate with Internal Teams, Strategic Partners, or External Service Providers

• To securely transmit necessary data to authorized personnel, subsidiaries, legal advisors, regulated financial entities, or technology vendors involved in service delivery or evaluation.
  
• To facilitate the secure use of AI tools, report generators, or assessment engines that may process user inputs for structured output (e.g., investment summaries, eligibility diagnostics, etc.).
  

4.7 To Comply with Legal, Regulatory, and Contractual Obligations

• To fulfill obligations under applicable UAE federal legislation, Meydan Free Zone compliance mandates, and international data transfer laws.
  
• To respond to lawful inquiries or regulatory requests, enforce contractual rights, prevent fraud or misuse, and meet recordkeeping or reporting requirements.
  
• To maintain legal defenses, investigate data breaches, or pursue remedies in the event of dispute or misuse.
  

Important Notice: All information is processed under strict confidentiality protocols and used exclusively within the context of professional services, pre-engagement assessments, or preliminary consultations. No profiling, unsolicited marketing, or automated decision-making is performed without the user’s explicit knowledge or legal basis.

5. Sharing and Disclosure of Data

Epiidosis Global Finance LLC-FZ (“Epiidosis”) is committed to ensuring that your personal and business data is handled with the highest standards of confidentiality, integrity, and transparency. We do not engage in the sale, rental, or unauthorized distribution of personal data for commercial or marketing gain. However, under specific, controlled, and legally compliant circumstances, we may share your data as outlined below.

5.1 Internal Use and Access Controls

Your data may be accessed by authorized personnel within Epiidosis strictly on a need-to-know basis, for the following purposes:

• Conducting internal due diligence and risk assessments
  
• Coordinating across departments for project evaluation, investment screening, and advisory matching
  
• Enhancing user experience and platform performance
  
• Fulfilling legal, compliance, or contractual obligations
  

All employees and consultants are bound by confidentiality agreements and data handling protocols aligned with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, and are regularly trained in secure data practices.

5.2 Disclosure to Licensed Partners and Third-Party Service Providers

Epiidosis may disclose your information to trusted, licensed third parties with whom we have formal contractual agreements and non-disclosure clauses. These include but are not limited to:

• Legal counsel, compliance experts, and financial structuring professionals
  
• Onboarding partners, due diligence specialists, and regulated financial intermediaries
  
• Technology vendors or IT service providers involved in secure communications, hosting, or encryption services
  
• Advisory and fiduciary partners, when necessary to deliver value-added services on your behalf
  

Each such entity is required to use your data solely for the agreed purpose, and is prohibited from using it for independent or unauthorized processing, distribution, or resale.

5.3 Governmental, Regulatory, and Legal Disclosures

Epiidosis may, without your prior consent, disclose your personal or business data to relevant government authorities, regulatory bodies, courts, or enforcement agencies in the United Arab Emirates or internationally, when such disclosure is:\n- Mandated by law, regulation, judicial order, or regulatory directive

• Necessary to comply with UAE Free Zone Authority obligations (including the Meydan Free Zone Authority, the Central Bank of the UAE, the UAE Ministry of Economy, or the Federal Tax Authority)
  
• Required for the prevention, investigation, or prosecution of fraud, financial crime, money laundering, terrorism financing, or cybercrime under UAE Penal Code and related legislations
  
• Deemed essential to protect the rights, safety, and property of Epiidosis, its clients, staff, or third parties
  

Epiidosis will ensure, where possible and appropriate, that such disclosure is minimized and proportionate to the request.

5.4 International Transfer of Data to Trusted Counterparties

Where business processes require collaboration with international entities (e.g., global banks, fund managers, or cross-border compliance teams), Epiidosis may transfer data outside the UAE, subject to:\n- A verified adequate level of data protection in the recipient jurisdiction

• Signed Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), or equivalent safeguards
  
• Assurance of compliance with global best practices and relevant international frameworks (e.g., GDPR, OECD guidelines, FATF transparency principles)\n\nEpiidosis will not permit international data transfers without such safeguards being in place.
  

5.5 Absolute Prohibition on Unconsented Commercial Use

We affirm unequivocally that:\n- We do not sell, lease, rent, or trade your personal or business information to any third party for advertising, lead generation, or direct marketing purposes.\n- We do not allow any third party to independently harvest, mine, or analyze user data from our Website.\n- Any marketing communications you receive from us will be based solely on your consent, preferences, or engagement history with Epiidosis.\n\nYou may opt out of such communications at any time without affecting your eligibility for other non-marketing related services.

6. Data Transfers and International Processing

Epiidosis Global Finance LLC-FZ (“Epiidosis”) operates in a global business environment that may necessitate the storage, processing, or access of your personal and business data outside the jurisdiction of the United Arab Emirates. As such, your data may be transferred to or processed in jurisdictions other than where it was originally collected, including but not limited to the European Union, United Kingdom, United States, Singapore, or other jurisdictions where our partners, affiliates, or service providers operate.

These transfers may occur under the following circumstances:

• Secure Cloud Hosting and Data Infrastructure: Your information may be stored on secure third-party cloud servers or data centers that are physically located outside of the UAE. These service providers are selected based on their security certifications, data protection policies, and compliance with internationally recognized standards such as ISO/IEC 27001 and SOC 2.
  
• Engagement of International Affiliates and Partners: If your inquiry, project, or onboarding process requires collaboration with Epiidosis’ vetted legal, financial, or compliance partners in other jurisdictions, your data may be shared with such entities to fulfill the purposes for which it was collected, including but not limited to due diligence, documentation review, financial structuring, or eligibility assessments.
  
• Cross-border Professional Processing and Analysis: For purposes of business intelligence, investor profiling, sector-specific eligibility, or risk assessments, your data may be securely transmitted to specialized analytics teams or platforms hosted in other countries that adhere to strict contractual confidentiality and data security obligations.
  

Lawful Basis and Protection Mechanisms

All such international transfers are conducted in compliance with applicable UAE laws, particularly Article 22 of the Federal Decree-Law No. 45 of 2021 (PDPL) and in alignment with recognized global frameworks. We ensure that:

• Transfers are limited to jurisdictions that provide an adequate level of data protection as assessed by the UAE Data Office or as validated by contractual or organizational safeguards.
  
• In cases where the receiving jurisdiction does not provide a similar level of protection, transfers are governed by legally binding agreements, including:
  
  • Standard Contractual Clauses (SCCs) approved by international data protection authorities
    
  • Binding Corporate Rules (BCRs) where data is shared within an affiliated group
    
  • Inter-organization Data Transfer Agreements with specific confidentiality, purpose limitation, and non-disclosure clauses
    
  • Explicit and informed consent from the data subject, where required
    

Epiidosis takes all commercially reasonable steps to verify that your data, once transferred, is handled in accordance with our internal security policies, and that the third parties involved apply adequate physical, technical, and organizational safeguards.

We periodically review the adequacy of data protection measures taken by such foreign service providers and ensure contractual remedies are available in case of breach.

Note: By using our Website and submitting your personal or business information, you expressly acknowledge and agree to the potential for international transfer and processing of your data under the terms outlined above.

 

7. Data Retention

Epiidosis Global Finance LLC-FZ (“Epiidosis”) maintains a strict data retention and disposal policy that governs how long personal, business, and operational data are preserved, stored, or destroyed. Our retention protocols are designed to comply with applicable UAE federal regulations, Meydan Free Zone rules, international legal obligations, and industry-standard risk mitigation practices.

We retain personal data only for as long as is strictly necessary to achieve the specific purposes for which it was originally collected or for related compatible purposes, which may include:

• Fulfilling the objectives outlined in this Privacy Policy, such as service evaluation, communication, compliance screening, or processing user-initiated requests
  
• Executing or preparing pre-contractual or contractual obligations, including advisory engagement, risk assessments, or onboarding processes
  
• Meeting regulatory and statutory record-keeping requirements, including those set forth by UAE Commercial Companies Law, Anti-Money Laundering (AML) regulations, Know-Your-Customer (KYC) compliance standards, VAT regulations, and Free Zone reporting requirements
  
• Complying with judicial or governmental requests, litigation holds, audit trails, or investigations by competent legal or financial authorities
  
• Preserving evidence for dispute resolution, fraud detection, or the enforcement of legal rights where there is a possibility of litigation or claim, including breach of contract or tort claims
  

Data may be retained in both digital and physical formats depending on its nature, classification, and regulatory treatment. When data is retained for extended periods, Epiidosis will ensure it is stored in a secure and access-restricted environment with appropriate encryption, archival management, and retention tagging.

Once the applicable legal, contractual, and operational retention periods have expired, and where no further lawful basis exists for continued processing, we will undertake one of the following actions:

• Secure Erasure: Permanent deletion of digital data using industry-approved wiping protocols
  
• Anonymization: Irreversibly de-identifying data such that it can no longer be linked to any individual
  
• Controlled Disposal: For physical records, shredding or certified destruction through licensed vendors in accordance with UAE laws
  

Users should be aware that, under certain conditions, data may be retained longer than initially anticipated if required to comply with evolving legal duties, such as ongoing investigations, bankruptcy proceedings, audits, or formal regulatory inquiries.

8. Cookies and Tracking Technologies

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “our”, or “us”) utilizes cookies and similar tracking technologies on epiidosisglobalfin.com (the “Website”) to enhance user experience, ensure functional integrity, and gain insights into Website usage. This section explains the nature of these technologies, their purposes, and the choices available to you as a user.

8.1 What Are Cookies?

Cookies are small data files placed on your device (computer, tablet, smartphone) when you visit a website. They are widely used to make websites function more efficiently, as well as to provide data to the site owners. Cookies may be session-based (which expire when you close your browser) or persistent (which remain until manually deleted or they expire based on a pre-set duration).

We may also use local storage, web beacons, tracking pixels, tags, and scripts, which function similarly for analytics, diagnostics, and technical enablement.

8.2 Categories of Cookies Used

We use the following types of cookies and technologies:

• Strictly Necessary Cookies: Essential for the operation of the Website (e.g., page navigation, session management). Disabling these may render the Website unusable.
  
• Performance and Analytics Cookies: Used to collect aggregated information about how visitors interact with the Website, including which pages are visited, duration of visits, and clickstream data. This helps us monitor site performance and improve design and functionality.
  
• Functionality Cookies: Enable the Website to remember user preferences and choices (such as language, region, form auto-fill data) to provide a more personalized experience.
  
• Third-Party Cookies: Set by services or tools integrated into the Website, such as Google Analytics, Hotjar, or embedded CRM platforms. These providers may use the information for their own analytics or service improvement purposes, subject to their respective privacy policies.
  
• Security Cookies: Used to detect abuse, enforce authentication protocols, and prevent fraudulent use of login credentials or contact forms.
  

8.3 Purpose of Using Cookies

We employ these technologies to:

• Understand how users interact and navigate through our Website
  
• Remember and honor user preferences across sessions
  
• Enable features such as form submissions, language selection, and secure login
  
• Improve load times, user interface responsiveness, and overall performance
  
• Track referral sources and measure campaign effectiveness
  
• Ensure Website security and prevent unauthorized access
  

8.4 Your Choices and Controls

You may control or restrict the use of cookies through your browser settings. Most browsers allow users to:

• Accept or reject all cookies
  
• Delete existing cookies
  
• Set preferences for certain websites
  
• Receive alerts before a cookie is stored
  

Instructions on how to manage cookies can typically be found in your browser’s “Settings” or “Privacy” section. If you use multiple devices or browsers, you will need to set preferences for each individually.

Important: Disabling or restricting cookies may affect the availability or functionality of certain sections or features of the Website. In particular, tools requiring session memory or external script integration may cease to function properly.

8.5 Legal Basis for Cookie Use

Our use of cookies is based on:

• Legitimate interest in delivering a secure, functioning, and user-friendly experience
  
• Consent, where required by applicable laws, especially for non-essential cookies or third-party services
  
• Compliance with Federal Decree-Law No. 45 of 2021 (UAE) and Regulation (EU) 2016/679 (GDPR), as applicable
  

Users accessing the Website from jurisdictions requiring prior consent for cookie usage (such as the European Union) will be presented with a cookie banner or settings tool to manage preferences explicitly.

9. Data Security

At Epiidosis Global Finance LLC-FZ, we recognize that safeguarding your personal and business data is a critical obligation and an essential part of our commitment to integrity, trust, and regulatory compliance. We have implemented a comprehensive framework of technical, organizational, administrative, and procedural safeguards to ensure that your data remains protected from unauthorized access, misuse, alteration, or destruction.

9.1 Technical Measures

Our technical infrastructure is fortified using industry-standard and state-of-the-art protective measures, including but not limited to:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols to prevent interception during transit.
  
• Firewall and Intrusion Detection Systems (IDS): Our servers are protected by network-layer firewalls and monitored using intrusion detection systems that flag suspicious access attempts in real time.
  
• Multi-factor Authentication (MFA) and Role-Based Access Controls (RBAC): Only authorized personnel have access to systems containing personal data, based strictly on their job role and operational necessity.
  

9.2 Organizational and Administrative Controls

To ensure robust internal data governance, we have implemented:

• Access Management Protocols: Internal systems enforce least-privilege principles, granting access strictly on a need-to-know basis.
  
• Mandatory Staff Training: All employees and contractors undergo recurring data protection and cybersecurity training, including modules on phishing, secure communications, and regulatory obligations.
  
• Signed Confidentiality Agreements: All personnel are legally bound by Non-Disclosure Agreements (NDAs) that continue post-employment.
  

9.3 Third-Party and Supply Chain Security

Where we use third-party platforms, service providers, or cloud infrastructure, we ensure:

• Due Diligence & Risk Assessment: All third parties undergo a data protection and compliance review prior to onboarding.
  
• Contractual Safeguards: Data processing agreements (DPAs) are executed with all vendors handling personal or business data, binding them to data security, breach notification, and confidentiality obligations.
  

9.4 Limitations of Liability and Breach Response

While we are committed to maintaining the highest levels of data protection, no security system is infallible. Accordingly, we cannot guarantee absolute immunity against sophisticated cyber threats or zero-day exploits.

In the event of a confirmed data breach that compromises the confidentiality, integrity, or availability of personal data:

• We will promptly assess the scope and impact of the breach.
  
• Where required by UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data or other applicable regulations, we will notify affected users and relevant supervisory authorities without undue delay.
  
• We will take immediate remedial action, including containment, system hardening, and notification of impacted stakeholders, along with full forensic investigation and audit trails.
  

This clause shall be interpreted in accordance with applicable cybersecurity directives issued by the UAE Telecommunications and Digital Government Regulatory Authority (TDRA) and other international frameworks including ISO/IEC 27001, NIST Cybersecurity Framework, and GDPR Article 32 on Security of Processing.

10. Your Rights as a Data Subject

Epiidosis Global Finance LLC-FZ respects your legal rights regarding the access, control, and processing of your personal and business data. In accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) of the United Arab Emirates, and where applicable, the General Data Protection Regulation (GDPR) and other international privacy regulations, you may exercise one or more of the following rights depending on your jurisdiction and the nature of the data processed.

10.1 Right to Access

You have the right to request confirmation of whether Epiidosis is processing your personal data. If so, you may request access to that data, including the categories of data held, purposes of processing, retention periods, and parties with whom the data has been shared. We will provide this information in a structured, machine-readable format unless otherwise required.

10.2 Right to Rectification

You have the right to request that we promptly correct any personal data that is inaccurate, incomplete, outdated, or misleading. We will update our records accordingly and, where applicable, notify relevant third parties with whom the data was shared.

10.3 Right to Erasure (Right to Be Forgotten)

Subject to applicable legal and regulatory exceptions (e.g., retention under commercial, tax, or compliance laws), you may request that your personal data be deleted or anonymized if:\n- The data is no longer necessary for the purpose it was collected\n- You withdraw your consent\n- The data has been unlawfully processed\n- You successfully object to processing\n\nThis right may not apply where data retention is required by legal obligation, dispute resolution, or regulatory reporting.

10.4 Right to Restrict Processing

You may request that we temporarily suspend processing of your data if:\n- You contest the accuracy of the data (for the duration of verification)\n- Processing is unlawful and you prefer restriction to erasure\n- The data is no longer needed but required for legal claims\n- You have objected to processing and we are verifying legitimate grounds\n\nRestricted data will only be processed with your consent or for legal defense, protection of rights, or important public interests.

10.5 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request transmission of that data to another data controller, where technically feasible.

10.6 Right to Object

You may object to processing of your personal data, particularly where:\n- Processing is based on our legitimate interest and no compelling grounds override your rights\n- Your data is being used for direct marketing\n\nWe will promptly honor your objection unless we are legally permitted or required to continue processing.

10.7 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the legality of processing carried out prior to such withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the appropriate data protection supervisory authority in your jurisdiction if you believe that your rights under applicable data protection laws have been violated.

Exercising Your Rights

To exercise any of the rights described above, or to raise concerns about how your data is being processed, you may contact our Privacy Office directly:

📧 Email: legal@epiidosisglobalfin.com
📞 Tel: +971-55-497-3941
📍 Address: Privacy & Compliance Office, Epiidosis Global Finance LLC-FZ, Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, UAE

We aim to respond to all valid requests within 30 calendar days. In some cases, we may require identity verification or clarification of your request before proceeding. Where legally permissible, we may decline requests that are unfounded, excessive, or would infringe upon the rights of others.

11. Third-Party Links

This Website may contain links to third-party websites, tools, or plugins. Epiidosis is not responsible for the privacy practices or content of such external websites. Users are encouraged to review their privacy policies before interacting.

12. Changes to this Privacy Policy

Epiidosis Global Finance LLC-FZ (“Epiidosis”, “we”, “our”, or “us”) reserves the full right, at its sole discretion and without prior notice, to modify, amend, update, revise, supplement, or replace this Privacy Policy in whole or in part at any time, for any reason, including but not limited to:

• Compliance with changes in applicable laws, regulations, or government directives under UAE law or other relevant jurisdictions;
  
• Implementation of new technologies, tools, or data processing methods;
  
• Expansion of service offerings, partnerships, or operational jurisdictions;
  
• Enhancement of data protection practices in accordance with international standards such as GDPR, OECD privacy guidelines, or cross-border data transfer frameworks;
  
• Responses to emerging privacy risks, cybersecurity threats, or feedback from supervisory authorities.
  

Any updates or modifications will be published directly on this page and will be clearly marked with a new “Effective Date” at the top of the Privacy Policy. It is the responsibility of each user, data subject, or website visitor to regularly review this policy to remain informed of any changes. We encourage you to print or save a copy of the current version for your records.

Your continued use of the Website following the publication of any modifications to this Privacy Policy shall constitute your conclusive and binding acceptance of those changes, including any updates to the way we collect, use, share, or protect your personal information.

Should any changes materially affect your data rights, especially where legally required, we will use commercially reasonable efforts to provide additional notice, which may include email notifications (if provided), banners on the Website, or direct consent requests before the new terms apply.

If you do not agree with the revised Privacy Policy, you must discontinue use of the Website immediately. Failure to do so shall be deemed as your unconditional agreement to be bound by the revised terms.

This clause is in compliance with Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL) and is intended to preserve transparency, legal certainty, and data subject rights in accordance with the laws of the United Arab Emirates and global privacy standards.

13. Contact Information

Privacy & Data Protection Office
Epiidosis Global Finance LLC-FZ
6th Floor, Meydan Grandstand, Meydan Road
Nad Al Sheba, Dubai, UAE
📧 Email: privacy@epiidosisglobalfin.com
📞 Phone: +971-55-497-3941

By using this Website, you acknowledge that you have read, understood, and agree to this Privacy Policy and the lawful processing of your personal data as described herein.