Privacy Policy

Last Updated and Effective: January 1, 2022

  1. Purpose and Scope

BrainUp DMCC, a limited liability company (registration number: DMCC190129, registered address: Unit No: 3O-01-BA1416 Jewellery & Gemplex 3 Plot No: DMCC-PH2-J&GPlexS Jewellery & Gemplex Dubai, United Arab Emirates), hereinafter referred to as the “Company”, strives to comply with applicable laws and regulations related to Personal Data protection in countries where the Company operates. This Policy sets forth the basic principles by which the Company processes your personal data, and indicates the responsibilities while processing personal data.

The Company does not knowingly attempt to solicit or receive information from children under 16 years of age.

The Company acknowledges and understands that you are aware of and care about your own personal privacy interests, and the Company takes that seriously. This Privacy Policy describes the policies and practices with regard to the collection and use of your personal data, and sets forth your privacy rights. The Company recognizes that data privacy is an ongoing responsibility, and, therefore, the Company will from time to time update this Privacy Policy and its privacy practice as the Company undertakes new personal data practices or adopt new privacy policies.

  1. Company’s website

The Company controls and manages – hereinafter the “Website”) which may collect particular data for its business purposes.

  1. Definitions of legal bases for the processing

Consent – your clear agreement to the processing of your personal data for a specific purpose.

Contract – the reason why the processing is necessary based on a contract you have with the Company, or because the Company has asked you to take specific steps before entering into that contract.

Legitimate Interests – the reason why the processing of your data is necessary, which is based on the legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:

  • gaining insights from your behavior on the Website;
  • delivering, developing and improving the Website;
  • enabling the Company to enhance, customize or modify the Website and services;
  • determining whether marketing campaigns are effective;
  • enhancing data security.
  1. Consent rule

If you have given consent to the processing of your data you can freely withdraw such consent at any time by emailing the Company to [email protected].

If you do withdraw your consent, and if the Company does not have another legal basis for the processing of your data, then the Company will stop the processing of your personal data.

If the Company has another legal basis for the processing of your data, then the Company may continue to do so subject to your legal interests and rights.

  1. Company’s responsibilities

If you are a visitor to the Website the Company acts as the ‘data controller’ of personal data. This means that the Company determines how and why your data are processed.

  1. Your responsibilities

Read this Privacy Policy carefully.

You consent to provide the Company with your personal data only. The Company will only employ this data for the special reason for which it was provided to the Company. By sending the data, you confirm that you have the right to dispose to process the data on your behalf in accordance with this Privacy Policy.

Treat your personal data confidential and secure.

  1. Collected data

The Company collects data when you interact with its Website, especially when:

  • you browse any page of the Website;
  • the Company calls you;
  • you use the Website;
  • you receive emails from the Company;
  • you chat with the Company for support;
  • you connect integrations;
  • you opt-in to marketing emails.

The Company may collect the following categories of your data:

  • name, surname, contact details such as your email address and phone number;
  • data that identifies you such as your IP address, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version;
  • your birthday details in order to send you special discount offers;
  • data on how you use the website such as your URL clickstreams (the path you take through the website), pages viewed, page response times, download errors, how long you stay on webpages, what you do on those pages, how often, and other actions.

The recipients of the collected data are the highest management level of the Company, its employees and contractors, and other third party service providers mentioned below.

The Company does not collect nor store any of your billing of other financial data.

  1. Purposes and legal basis for the processing

The Company processes the data for:

Providing Services:

  • Details: the Company needs to provide services accessible via the Website.
  • Legal basis: Consent; Contract; Legitimate Interests.

Keeping the Website running:

  • Details: managing your requests, login and authentication, remembering your settings, hosting and back-end infrastructure.
  • Legal basis: Contract; legitimate Interests.

Improving the Website

  • Details: testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping the Website, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.
  • Legal basis: Contract; legitimate Interests.

Customer support

  • Details: notifying you of any changes to the service, solving issues, any bug fixing.
  • Legal basis: Contract; Legitimate Interests.

Marketing purposes (with your consent only)

  • Details: sending you emails and messages about new functions, goods and services, and content.
  • Legal basis: Consent.

Preventing fraud

  • Details: evercookies. Evercookies are a javascript API available that produces extremely persistent cookies in a browser which help us identify that no user creates additional account.
  • Legal basis: Legitimate Interests.
  1. Your rights

You may choose not to provide the Company with personal data. If you choose to do so, you can continue to visit the Website and browse its pages, but the Company will not be able to provide its services and process transactions without personal data.

You may turn off cookies in your browser via settings. You can block cookies on your browser by refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Website and browse its pages, but the Website and certain services will not work properly.

You may ask us to refrain from using your data for marketing. You can opt out from marketing by emailing us at [email protected].

You can exercise the following rights by sending us an email at [email protected].

  1. You have the right to access information about you, especially:
    • the categories of data;
    • the purposes of data processing;
    • third parties to whom the data is disclosed;
    • how long the data will be retained and the criteria used to determine that period;
    • other rights regarding the use of your data.
  2. You have the right to make the Company correct any inaccurate personal data about you.​
  3. You can object to the Company using your personal data for profiling you or making automated decisions about you. The Company may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).
  4. You have the right to the data portability of your data to another service or Website. The Company will give you a copy of your data in readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
  5. You have the right to be “forgotten”. You may ask for erasing any personal data about you, if it is no longer necessary for the Company to store the data for purposes of your use of the Website.
  6. You have the right to complain about the use of your data by the Company. In the context of the right to access information, the Company shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster.
  7. Security

We have security and organizational measures and procedures to secure the data collected and stored. We have security policies and data processing agreements with all our employees and contractors who are obliged to follow and maintain appropriate technical and organizational measures. We have internal Information Security Policy.

We use servers that comply with strict international data security standards, including ISO 27001.

We use servers that are certified under PCI DSS Level 1, ISO/IEC 27001:2013, SOC 1 type II.

You acknowledge that no perfect security infrastructure exists, no data transmission is guaranteed to be 100% secure, and there may be some security risks.

In case your privacy has been breached, please contact the Company immediately on [email protected].

  1. Location of the processing of personal data

The personal data collected by the Company is processed at the Company’s offices. The Company is international and can have foreign affiliates, subsidiaries, branches and departments. All employees and contractors of the Company are bound by the respective non-disclosure agreements, Company’s internal policies and Information Security Policy.

  1. Right to Request Deletion

You have the right to request that the Company delete any of your personal data that the Company collected about you and retained. The Company will delete your personal data from our records once the Company receives your request and verifies your identity.

  1. Transfer of your personal data

The Company relies on derogations for specific situations, as outlined in Article 49 of the GDPR. In particular, the Company collects and transfers personal data only: with your consent, to perform a contract with you, or to fulfill a compelling legitimate interest of the Company in a manner that does not outweigh your rights and freedoms subject to conditions specified in Article 49 of the GDPR. The Company notifies that the country to which personal data is transferred does not provide for an adequate level of data protection based on the European Commission decision. The Company endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with the Company and the practices described in this Privacy Policy. The Company also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.

  1. Cookies

Cookies are pieces of data that a Website transfers to a user’s hard drive for record-keeping purposes.

The Company uses cookies to provide proper functionality on the Website and aggregate traffic data (e.g., what pages are popular). The Company may use evercookies with reference to Legitimate interest only.

The Company uses the following types of cookies:

  • Strictly needed cookies. These cookies are necessary for the Website to work correctly. They will allow you to move our Website and use its capabilities. These files do not identify you as a person. If you do not agree to use this type of file this may affect the proper work of the Website or its components.
  • Cookies related to performance, efficiency, and analytics. These files help us understand how you interact with our Website by providing information about the areas visited and the amount of time spent on the Website, as well as showing problems in the operation of the Internet resource, for example, error messages. This will help us to improve the work of the Website.
  • Cookies related to analytics. These files help us to measure the effectiveness of advertising campaigns and optimize the content of Websites for those who are interested in our advertising. This type of cookies shall not be used for Your identification. All information that is collected and analyzed is anonymous.
  • Advertising cookies. These cookies record information about Your online activities, including visits to our Website, as well as information about the links and advertising that you have chosen to view. The Company uses such files to collect data about your activity on the Internet and determine your interests, which allows the Company to provide advertising that suits your interests and on which you have given your consent.

The Website captures limited data (user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to the Website. The Company may use this data to analyze patterns and to perform system maintenance. You have several options on how to manage cookies on your device. All browsers allow you to block or delete cookies from your device. You may consult the privacy features in your browser to understand what you should do if you need to manage cookies.

  1. Contact details of the Data Controller

BrainUp DMCC


Registration number: 120371,

Registered address: Unit No: 3O-01-BA1416, Jewellery & Gemplex 3, Plot No: DMCC-PH2-J&GPlexS, Jewellery & Gemplex, Dubai, United Arab Emirates


Email: [email protected]