Data Privacy Policy

Last Updated: January 2025
Effective Date: January 2025

1. Introduction

Versaa Tech ("we", "us", "our", "the Company") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, process, store, and protect your personal information in accordance with applicable data protection laws, including the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL"), the General Data Protection Regulation ("GDPR"), and other relevant privacy laws in jurisdictions where we operate.

We are a human resources consulting firm headquartered in the United Arab Emirates, providing recruitment services, executive search, HR outsourcing, payroll management, and related professional services globally. This policy applies to all personal data we process in connection with our services, whether collected online, offline, or through third parties, regardless of geographic location.

2. Legal Basis and Controller Information

Data Controller

Company Name: Versaa Tech

Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E

Email: info@versaatech.com

We process personal data based on the following legal grounds under applicable data protection laws:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract Performance: Where processing is necessary for the performance of our services
  • Legal Obligations: Where we are required to process data to comply with applicable laws
  • Legitimate Interests: Where processing is necessary for our legitimate business interests (balanced against your rights and interests)
  • Vital Interests: Where processing is necessary to protect someone's life or physical safety
  • Public Task: Where processing is necessary for the performance of a task carried out in the public interest

3. Territorial Scope and Applicable Laws

This Privacy Policy applies globally to the processing of personal data of:

  • All individuals who use our services or interact with our platforms
  • Job candidates and employees regardless of location
  • Corporate clients and their representatives worldwide
  • Website visitors from any jurisdiction

Specific Legal Frameworks:

  • UAE: Federal Decree-Law No. 45 of 2021 (PDPL) - primary jurisdiction
  • European Union: General Data Protection Regulation (GDPR) - for EU residents
  • United Kingdom: UK GDPR and Data Protection Act 2018
  • Other Jurisdictions: Applicable local data protection and privacy laws

4. Types of Personal Data We Collect

From Job Candidates

  • Personal identification: Full name, date of birth, nationality, Emirates ID/passport details
  • Contact information: Email address, phone numbers, residential address
  • Professional information: CV/resume, work history, qualifications, certifications
  • Educational background: Degrees, institutions, academic achievements
  • References and background check information
  • Salary expectations and employment preferences
  • Interview notes and assessments

From Corporate Clients

  • Company information: Business name, license details, industry sector
  • Contact persons: Names, job titles, email addresses, phone numbers
  • Job requirements and specifications
  • Contract and billing information
  • Employee data for outsourcing and payroll services

Website and Digital Interactions

  • Website usage data: IP address, browser type, device information
  • Cookies and tracking technologies data
  • Form submissions and inquiries
  • Communication preferences

5. How We Collect Personal Data

We collect personal data through:

  • Direct submission via our website forms, email, or in-person meetings
  • Job applications and CV submissions
  • Client engagement and service delivery processes
  • Third-party sources (with appropriate consent): recruitment platforms, referrals, public directories
  • Cookies and automated technologies on our website
  • Background verification services (with consent)
  • Social media platforms and professional networks (LinkedIn, etc.)

6. Purposes of Processing Personal Data

We process your personal data for the following purposes:

Recruitment Services

  • Matching candidates with suitable job opportunities
  • Conducting interviews and assessments
  • Background verification and reference checks
  • Facilitating placement and onboarding processes

HR Outsourcing & Payroll Services

  • Processing payroll and benefits administration
  • Managing employee records and compliance
  • Handling leave management and attendance tracking
  • Providing HR advisory and consulting services

Business Operations

  • Client relationship management and service delivery
  • Contract administration and billing
  • Quality assurance and service improvement
  • Legal compliance and regulatory reporting
  • Business analytics and market research

7. Data Sharing and Third-Party Disclosure

We do not sell, rent, or trade your personal data. We may share your information with:

  • Prospective Employers: With explicit consent for recruitment purposes
  • Service Providers: IT services, background check providers, cloud storage (with data processing agreements)
  • Professional Partners: Other recruitment firms, HR consultants (with appropriate safeguards)
  • Legal Authorities: When required by UAE law, court orders, or regulatory requests
  • Affiliated Entities: Within our corporate group for legitimate business purposes

All third parties are contractually bound to protect your data and use it only for specified purposes.

8. International Data Transfers

As a global HR services provider, we may transfer personal data across international borders. We implement appropriate safeguards to ensure your data remains protected:

Transfer Mechanisms

  • Adequacy Decisions: To countries with recognized adequate protection levels
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Binding Corporate Rules: Internal data protection standards
  • Explicit Consent: Where you have specifically agreed to the transfer
  • Contract Necessity: Where transfer is essential for service delivery

We ensure all international transfers comply with applicable data protection laws including UAE PDPL, GDPR, and other relevant regulations in both source and destination jurisdictions.

9. Your Data Protection Rights

You have the following rights regarding your personal data (specific rights may vary by jurisdiction):

Right of Access

Request copies of your personal data and information about how it's processed

Right to Rectification

Request correction of inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data under certain circumstances

Right to Restrict Processing

Request limitation of processing activities under specific conditions

Right to Data Portability

Request transfer of your data to another service provider

Right to Object

Object to processing based on legitimate interests or for marketing purposes

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at info@versaatech.com. We will respond within the timeframes required by applicable law (typically 30 days for most jurisdictions, 1 month for GDPR requests).

Note: Some rights may be limited or not available in certain jurisdictions. We will inform you of any limitations when you submit a request.

10. Data Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data:

Technical Safeguards

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for data at rest
  • Secure cloud infrastructure with UAE data residency
  • Regular security updates and patches
  • Multi-factor authentication
  • Intrusion detection and prevention systems

Organizational Measures

  • Role-based access controls
  • Regular staff training on data protection
  • Confidentiality agreements with employees
  • Annual security audits and assessments
  • Incident response procedures
  • Data retention and disposal policies

11. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Candidate Data: 3 years after last contact or until withdrawal of consent (may vary by jurisdiction)
  • Client Data: 7 years after contract termination for legal and tax compliance
  • Employee Data (Outsourcing): As required by applicable labor laws (minimum 5-7 years depending on jurisdiction)
  • Website Data: 2 years for analytics, immediately upon opt-out for marketing
  • Legal Documentation: As required by applicable laws and regulations in relevant jurisdictions

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant data protection authorities within required timeframes (72 hours for GDPR, UAE PDPL, and other applicable laws)
  • Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
  • Provide clear information about the nature of the breach, potential consequences, and mitigation measures
  • Document all breaches and remedial actions taken for regulatory compliance
  • Cooperate with supervisory authorities in their investigation and follow-up actions

13. Cookies and Tracking Technologies

Our website uses cookies and similar technologies for:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand website usage and improve user experience
  • Marketing Cookies: To provide relevant advertisements (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

14. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

15. Complaints and Regulatory Contact

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority:

UAE Data Protection Authority

For UAE residents and UAE PDPL matters (contact details to be updated when officially published)

EU Supervisory Authorities

For EU residents: Contact your local data protection authority or visit EDPB member list

Other Jurisdictions

Contact your local data protection or privacy authority as applicable

16. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may provide additional notice via email or prominent website notification.

17. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Contact

Email: info@versaatech.com

Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E

Response Time: We aim to respond to all inquiries within 30 days

This Privacy Policy is governed by applicable data protection and privacy laws including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, GDPR, and other relevant laws in jurisdictions where we operate.