Privacy Policy & Imprint
Last updated: June 13, 2025
1. Introduction: Purpose and Scope of This Policy
This document constitutes the Privacy and Cookie Policy for Champavin FZE, a company registered in the UAE, with its office located at Office 803, Damac Executive Tower B, Business Bay, 35 Al A’amal Street, Dubai, UAE.
This policy applies to the static website operated by Champavin FZE and comprehensively details how personal data is collected, utilized, stored, shared, and protected when individuals interact with the Company’s services.
The purpose of this policy is to establish clear transparency regarding data handling practices. This commitment to transparency and accountability is fundamental under both the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL). Providing full legal identification, including the company’s address and VAT number, along with the CEO’s name, serves to build trust by demonstrating legitimacy and offering clear points of contact for any legal or privacy-related inquiries. This proactive disclosure addresses potential questions about the entity’s legal standing, particularly as a free zone entity in the UAE, which operates within specific legal frameworks.
Champavin FZE is deeply committed to protecting personal data and respecting individual privacy. This policy outlines practices specifically designed to comply with the General Data Protection Regulation (GDPR) of the European Union, the EU ePrivacy Directive (commonly known as the “Cookie Law”), and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL). A core principle guiding the Company’s data processing activities is the explicit commitment that no personal data is sold. The processing of data is strictly limited to what is necessary for essential website functionality, statistical analytics, and the management of contact form submissions. The early and unequivocal statement that personal data is not sold is a significant trust-building measure, directly addressing a primary concern for many users regarding data monetization. This commitment, stated upfront, aligns with the principles of transparency mandated by data protection laws and differentiates the Company’s approach. It also implies that all third-party integrations, such as Google Analytics and Formspree, are selected and configured to adhere to this “no selling” principle, a commitment confirmed by Formspree and reflected in Google’s role as a data processor.
2. Key Definitions
To ensure clarity and mutual understanding, the following terms are defined as they are used within this Privacy and Cookie Policy:
Personal Data: Any information relating to an identified or identifiable natural person (referred to as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., an IP address), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The broad definition of personal data under both GDPR and UAE PDPL means that even seemingly innocuous data points, such as IP addresses collected from static websites, are classified as personal data. This classification necessitates adherence to the full spectrum of data protection obligations, including requirements for consent for non-essential uses, robust security measures, and the safeguarding of user rights.
Sensitive Personal Data: This category includes data that directly or indirectly reveals an individual’s family or ethnic origin, political or philosophical opinions, religious beliefs, criminal record, biometric data, and any data related to an individual’s health. It is important to note that the static website operated by Champavin FZE does not typically collect sensitive personal data.
Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In the context of this policy, Champavin FZE acts as the Data Controller.
Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. Google Analytics and Formspree function as Data Processors for Champavin FZE.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Cookies: Small text files placed on a user’s device by websites they visit. They are widely employed to enable websites to function effectively or more efficiently, and to provide information to the website owners. Due to their capacity to store a wealth of data and potentially identify individuals, cookies can be considered personal data in certain circumstances and are therefore subject to GDPR and PDPL.
3. Data Collection and Use
3.1. Types of Personal Data Collected
Champavin FZE collects the following categories of personal data through its static website:
Identifiers: This includes Internet Protocol (IP) addresses, which are automatically collected for purposes such as website security, analytics, and troubleshooting. Names and email addresses are collected when voluntarily provided by individuals through the Formspree contact form. The collection of IP addresses, even as “standard data,” is a critical trigger for data protection obligations, as it constitutes personal data under both GDPR and UAE PDPL. This means that even basic server logs or analytics data containing IP addresses are subject to the full scope of these regulations, necessitating robust compliance measures.
Usage Data: Information pertaining to how individuals interact with the website, including pages visited, time spent on pages, referral sources, browser type, operating system, and device information. This data is collected via Google Analytics.
No Sensitive Personal Data: Champavin FZE does not intentionally collect any sensitive personal data through its website.
3.2. Methods of Data Collection
Personal data is collected by Champavin FZE through two primary methods:
Directly from Individuals: Data is collected when individuals voluntarily provide information, such as their name and email address, through the Formspree contact form.
Automatically via Website Technologies: Data is collected through the use of cookies and similar tracking technologies, specifically Google Analytics. These technologies automatically gather usage data and IP addresses as individuals navigate the website.
3.3. Purposes and Legal Bases for Processing Personal Data
Champavin FZE processes personal data for specific purposes, each supported by a corresponding legal basis as required by GDPR and UAE PDPL:
To Respond to Inquiries (Contact Form):
Purpose: To facilitate communication with individuals and address their questions or requests submitted via the Formspree contact form.
Legal Basis: Explicit consent (Art. 6(1)(a) GDPR, and similar consent requirements under UAE PDPL) provided by the individual when submitting the form.
To Analyze and Improve Website Performance:
Purpose: To gain insights into how visitors utilize the website, identify popular content, and enhance overall user experience and website functionality. This is achieved through Google Analytics.
Legal Basis: Explicit consent (Art. 6(1)(a) GDPR, and similar consent requirements under UAE PDPL) for the deployment of non-essential (performance/statistics) cookies. For this purpose, IP addresses are anonymized to protect individual privacy. Differentiating between legal bases, such as consent for user-initiated actions and non-essential cookies versus legitimate interest for essential operations, is a critical aspect of GDPR and PDPL compliance.
For Website Security and Operation:
Purpose: To ensure the secure and proper functioning of the website, detect and prevent fraudulent activities, and resolve technical issues. This may involve the processing of IP addresses and strictly necessary cookies.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) in maintaining a secure and operational website, provided these interests are not overridden by the fundamental data protection rights and freedoms of the data subject. For strictly necessary cookies, explicit consent is not legally required, but transparent disclosure of their function is necessary.
4. Cookies and Other Tracking Technologies
4.1. What Are Cookies?
Cookies are small text files that are downloaded and stored on a user’s computer or mobile device when they visit a website. Their widespread use facilitates efficient website operation and provides valuable information to website owners. Certain cookies possess the capacity to store significant amounts of data and, under specific circumstances, can be classified as personal data, thereby falling under the purview of GDPR and UAE PDPL.
4.2. Types of Cookies Used
Champavin FZE employs both first-party cookies, which are set directly by the Company’s website, and third-party cookies, which are set by external services such as Google Analytics.
Cookies are further categorized by their duration:
Session cookies are temporary and expire automatically once the user closes their browser or their browsing session ends.
Persistent cookies remain on the user’s device until they are manually erased or reach their pre-defined expiration date, which is embedded within their code.
Specifically, the cookies utilized on this website are categorized as follows:
Strictly Necessary Cookies: These cookies are indispensable for navigating the website and utilizing its core features, such as ensuring security and enabling basic site functionality. Consent is not legally mandated for these cookies, but their purpose and necessity are clearly explained.
Performance/Statistics Cookies: These cookies gather information about how users interact with the website, including pages visited and links clicked, with the aim of improving website functionality. This category includes cookies deployed by Google Analytics. The information collected is aggregated and anonymized, ensuring that individual users cannot be identified. Explicit consent is required for the use of these cookies.
4.3. How Cookies Are Used (Focus on Google Analytics)
The website uses Google Analytics to collect data on visitor interactions. Google Analytics primarily relies on first-party cookies to generate reports on user behavior.
To ensure compliance with GDPR and UAE PDPL, Champavin FZE has meticulously configured its Google Analytics settings:
IP Address Anonymization: This is a foundational measure for safeguarding personal information and fostering user trust by preventing the storage of identifiable IP addresses. This proactive configuration addresses the fact that Google Analytics, by default, does not inherently comply with GDPR; active management of collected data is essential to align with regulations.
Implementation of Consent Mode v2: This feature dynamically adjusts data collection practices based on the user’s consent status. It ensures that data for advertising and personalized advertising purposes is only collected after explicit user consent has been obtained. Champavin FZE integrates a Google-certified Consent Management Platform (CMP) to effectively manage this process and ensure comprehensive compliance.
Data Retention Policies: Specific data retention policies have been established within Google Analytics, allowing for user data to be retained for periods ranging from 2 to 26 months, after which it is automatically deleted. This flexibility aids in aligning with GDPR requirements.
4.4. Your Cookie Choices and Management
Champavin FZE will obtain explicit consent from users before deploying any cookies that are not strictly necessary for website operation. This consent mechanism will be facilitated through a compliant cookie banner.
Users retain the right to accept or refuse cookies. Preferences can be managed at any time through the Company’s dedicated cookie consent tool or by adjusting browser settings. Google also provides an optional browser add-on that, once installed and enabled, disables Google Analytics measurement for any site a user visits. The principle of “easy withdrawal” for consent is as crucial as the initial act of obtaining consent. This necessitates providing clear, accessible mechanisms for users to modify their preferences at any point. Merely stating that users can adjust browser settings is insufficient; the policy commits to providing a user-friendly cookie consent tool directly on the website, allowing for granular control and straightforward withdrawal of consent.
Table: Cookies Used on Our Website
This table provides detailed information about the cookies deployed on the website, fulfilling the transparency requirements under GDPR and the ePrivacy Directive by offering specific and accurate information about each cookie’s purpose and characteristics.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics | Registers a unique ID used to generate statistical data on how the visitor uses the website. | Third-party, Persistent | 2 years |
| _gid | Google Analytics | Registers a unique ID used to generate statistical data on how the visitor uses the website. | Third-party, Persistent | 24 hours |
| _gat_UA-XXXXX-Y | Google Analytics | Used by Google Analytics to throttle request rate. | Third-party, Session | 1 minute |
| cookieyes-consent | Champavin FZE | Stores the user’s cookie consent state for the current domain. | First-party, Persistent | 1 year |
| (Other strictly necessary cookies as needed for site functionality) | Champavin FZE | Essential for basic website functionality and security. | First-party, Session/Persistent | Session / Varies |
5. Third-Party Data Processors and Data Sharing
5.1. Google Analytics: Data Processing and Compliance Measures
Google Analytics functions as a data processor for Champavin FZE, collecting and processing data on the Company’s behalf. Champavin FZE, as the data controller, maintains full rights over the collection, access, retention, and deletion of this data. Google’s utilization of this data is governed by its contractual agreements with Champavin FZE (specifically, the Ads Data Processing Terms) and the settings configured through the Google Analytics product interface. The Company ensures its Google Analytics configuration aligns with GDPR and UAE PDPL by implementing IP address anonymization, establishing appropriate data retention policies, and enabling Consent Mode v2.
5.2. Formspree: Data Processing and Security
The website utilizes Formspree for its contact form functionality. Formspree acts as a data processor for the information submitted through these forms. Formspree demonstrates a robust commitment to data protection, confirming full GDPR compliance and having achieved SOC 2 Type II compliance, which signifies adherence to stringent security controls. Their security measures include encrypting all databases at rest using AES-256 block-level storage encryption and network traffic using a minimum of TLS 1.2. They also implement strict access controls, conduct regular vulnerability management, and maintain an incident response process. For international data transfers, Formspree relies on Standard Contractual Clauses (SCCs), which are legally binding agreements approved by the European Commission, ensuring adequate safeguards for data transferred outside the EU/EEA.
The selection of third-party processors like Google Analytics and Formspree is a critical compliance decision, as their adherence to data protection principles directly influences Champavin FZE’s overall compliance posture. Detailing Formspree’s security certifications and their use of SCCs provides concrete evidence of due diligence. For Google Analytics, reiterating specific configurations like IP anonymization and Consent Mode demonstrates active management of data processing risks. This level of detail builds trust and signifies a sophisticated approach to vendor management, a key component of comprehensive data protection compliance.
5.3. No Sale of Personal Data
Champavin FZE unequivocally affirms that it does not sell, rent, or lease any personal data to third parties. The use of data is strictly confined to the purposes outlined in this policy, primarily for website analytics and the management of contact form submissions. This commitment is a cornerstone of the Company’s privacy principles. Reaffirming the “no sale” policy within the data sharing section reinforces transparency and directly addresses a major user concern, particularly as users often associate third-party sharing with potential data monetization. This repetition, especially in the context of third-party processors, serves as a strong reassurance, explicitly differentiating Champavin FZE’s data practices from those that monetize user data, thereby further building trust and aligning with the principle of transparency.
5.4. Other Disclosures
Personal data may be disclosed by Champavin FZE if legally mandated or if there is a good faith belief that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Champavin FZE; (c) prevent or investigate potential wrongdoing in connection with the Service; or (d) safeguard the personal safety of users of the Service or the public.
6. Data Security and Retention
6.1. Our Security Measures
Champavin FZE implements appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures are designed to ensure a high level of information security, as required by both GDPR and UAE PDPL. Specific measures include:
Encryption: All data transmitted between a user’s browser and the Company’s website is encrypted using HTTPS. Data stored by the Company’s processors, such as Formspree, is also encrypted at rest using AES-256 block-level storage encryption.
Access Controls: Access to personal data is strictly limited to authorized personnel who require it for their specific roles. This includes enforcing strong password policies and utilizing two-factor authentication for critical systems.
Vulnerability Management & Monitoring: The Company regularly performs vulnerability scanning and actively monitors for threats and anomalies to proactively identify and respond to potential security incidents.
Data Pseudonymization (where applicable): Measures such as IP anonymization in Google Analytics are implemented to reduce direct identifiability of personal data.
Incident Response Plan: A defined process is in place for handling information security events, encompassing escalation procedures, rapid mitigation strategies, and clear communication protocols.
6.2. Data Retention Periods
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with any legal, accounting, or reporting requirements.
Google Analytics Data: Data retention settings for Google Analytics are configured to allow retention periods ranging from 2 to 26 months, after which the data is automatically deleted.
Contact Form Data (Formspree): Data submitted via the contact form will be retained for a period necessary to adequately respond to inquiries and for record-keeping purposes, typically 12 months, unless an earlier deletion is specifically requested by the individual. While Google Analytics offers specific retention periods, Champavin FZE, as the data controller, is responsible for defining its own retention policy for data collected directly, such as through Formspree. This ensures a comprehensive approach to data lifecycle management, a key principle under both GDPR and PDPL.
7. Your Data Protection Rights
Champavin FZE fully respects the rights individuals possess over their personal data. Individuals have the following rights under both the GDPR and the UAE PDPL:
7.1. Rights under GDPR and UAE PDPL
Right to Be Informed (Art. 12 GDPR, UAE PDPL): Individuals have the right to be informed about the collection and use of their personal data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. This Privacy Policy serves to fulfill this right.
Right of Access (Art. 15 GDPR, UAE PDPL): Individuals have the right to request access to the personal data held about them and to receive a copy of that data, along with information regarding the processing purposes, categories of data, recipients, and retention periods.
Right to Rectification (Art. 16 GDPR, UAE PDPL): Individuals have the right to request that any inaccurate or incomplete personal data held about them be corrected without undue delay.
Right to Erasure / “Right to Be Forgotten” (Art. 17 GDPR, UAE PDPL): Individuals have the right to request the deletion of their personal data under certain conditions, such as when the data is no longer necessary for the purpose it was collected, or consent is withdrawn.
Right to Restrict Processing (Art. 18 GDPR, UAE PDPL): Individuals have the right to request that the processing of their personal data be limited in specific situations (e.g., if the accuracy of the data is contested, or if the processing is unlawful but erasure is opposed).
Right to Data Portability (Art. 20 GDPR, UAE PDPL): Individuals have the right to receive the personal data they have provided to the Company in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
Right to Object (Art. 21 GDPR, UAE PDPL): Individuals have the right to object to the processing of their personal data, particularly when processing is based on legitimate interests or for direct marketing purposes (though Champavin FZE does not engage in direct marketing).
Right to Withdraw Consent (Art. 7(3) GDPR, UAE PDPL): Where processing of personal data relies on consent, individuals have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. It must be as easy to withdraw consent as it was to give it.
Rights in Relation to Automated Decision-Making and Profiling (Art. 22 GDPR, UAE PDPL): Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. The Company’s website does not engage in automated decision-making or profiling that would produce legal or similarly significant effects.
Right to File a Complaint: Individuals have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.
7.2. How to Exercise Your Rights
To exercise any of the aforementioned data protection rights, individuals are encouraged to contact Champavin FZE using the details provided in the “Contact Us” section of this policy. The Company will respond to requests within one month, or as required by applicable law. To confirm identity and ensure that personal data is not disclosed to unauthorized individuals, specific information may be requested. This serves as a security measure to protect personal data.
Table: Your Data Subject Rights Summary
This table offers a concise, accessible reference for users to quickly understand their fundamental rights and the straightforward process for exercising them, thereby enhancing transparency and user empowerment.
| Right | What it Means | How to Exercise |
|---|---|---|
| Right to Be Informed | Know what data is collected, why, and how it’s used. | This policy fulfills this right. |
| Right of Access | Request a copy of your personal data held by us. | Contact us via email. |
| Right to Rectification | Ask us to correct inaccurate or incomplete data. | Contact us via email. |
| Right to Erasure | Request deletion of your data under certain conditions. | Contact us via email. |
| Right to Restrict Processing | Ask us to limit how your data is used. | Contact us via email. |
| Right to Data Portability | Receive your data in a machine-readable format and transfer it. | Contact us via email. |
| Right to Object | Object to certain types of data processing. | Contact us via email. |
| Right to Withdraw Consent | Revoke your consent for data processing at any time. | Use our cookie consent tool or contact us via email. |
| Rights in relation to Automated Decision-Making | Not be subject to decisions based solely on automated processing. | Contact us via email. |
| Right to File a Complaint | Lodge a complaint with a supervisory authority. | Contact the relevant data protection authority. |
8. International Data Transfers
Given that Champavin FZE is based in the UAE (Fujairah Free Zone) and its website is globally accessible, and considering the use of service providers like Formspree that host data in the United States, personal data may be transferred to, and stored at, destinations outside of the European Economic Area (EEA) and the UAE.
When personal data is transferred outside the EEA to countries not recognized by the European Commission as providing an adequate level of data protection, Champavin FZE ensures that appropriate safeguards are in place. For data processed by Formspree, this is achieved through their reliance on Standard Contractual Clauses (SCCs). These are legally binding agreements approved by the European Commission, specifically designed to protect personal data during international transfers. For data processed by Google Analytics, Google operates as a data processor and adheres to its Ads Data Processing Terms, which include provisions for international data transfers, ensuring compliance with relevant regulations. International data transfers represent a high-risk area, particularly in the post-Schrems II landscape, which necessitates more than a mere statement that data is transferred. The policy explicitly naming the specific safeguards used, such as SCCs for Formspree, demonstrates that Champavin FZE has diligently considered the legal complexities of international transfers and implemented recognized mechanisms to mitigate associated risks. This level of detail is crucial for a sophisticated privacy policy.
9. Compliance with Specific Data Protection Laws
9.1. General Data Protection Regulation (GDPR)
The data processing activities undertaken by Champavin FZE are meticulously designed to comply with the GDPR. Key aspects of this compliance include:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimization: Only data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed is collected.
Accuracy: Measures are in place to ensure that personal data is accurate and, where necessary, kept up to date.
Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it is processed.
Integrity and Confidentiality: Personal data is protected using appropriate security measures, ensuring its integrity and confidentiality.
Accountability: Champavin FZE is able to demonstrate compliance with these core principles.
Consent Management: Explicit, informed consent is obtained for non-essential cookies and contact form submissions, with mechanisms in place to ensure easy withdrawal of consent.
Controller-Processor Relationships: Roles and responsibilities with third-party data processors, Google Analytics and Formspree, are clearly defined and governed by appropriate contractual terms.
9.2. UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)
Champavin FZE, as a company registered in the Fujairah Free Zone, is subject to the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), which became effective on January 2, 2022.
Applicability: The PDPL applies to organizations operating within the UAE, including those in free zones such as Fujairah Free Zone, which are generally subject to federal laws unless they possess their own specific data protection legislation (which Fujairah Free Zone does not). It also applies to entities processing personal data of individuals residing in the UAE. The fact that Fujairah Free Zone is not exempt from the federal UAE PDPL is a critical detail. This means Champavin FZE must fully comply with the federal PDPL, including its requirements for consent, security, and data subject rights, and is subject to the potential for significant fines for non-compliance. This prevents any misconception that being in a free zone might provide exemption from federal data protection laws.
Key Principles: The PDPL draws heavily from the GDPR, enshrining similar principles such as lawfulness, fairness, transparency, purpose limitation, data accuracy, security, and responsible data retention.
Data Subject Rights: The law grants individuals rights akin to those under GDPR, including the right to information, access, rectification, erasure, restriction of processing, data portability, and objection to certain types of processing.
Security Measures: The PDPL mandates the implementation of appropriate technical and organizational measures, including data encryption and pseudonymization, to ensure a high level of data security.
Consent: Consent must be obtained in a simple, unambiguous, and accessible manner, with the explicit right for individuals to withdraw their consent at any time.
Potential DPO Requirement: While not universally required for all entities, the PDPL mandates the appointment of a Data Protection Officer (DPO) where personal data processing poses a high risk (e.g., due to the adoption of new technologies or the volume of sensitive personal data processed). Champavin FZE will continuously assess this requirement as its data processing activities evolve.
Penalties for Non-Compliance: Non-compliance with the PDPL can result in substantial fines, potentially reaching up to 5 million dirhams (approximately 1.36 million USD), and may lead to criminal liability for severe violations.
9.3. EU ePrivacy Directive (Cookie Law)
The EU ePrivacy Directive, which complements the GDPR, specifically addresses the confidentiality of electronic communications and the tracking of internet users, particularly concerning the use of cookies.
Compliance with this directive requires Champavin FZE to:
Obtain explicit consent from users before deploying any cookies, with the exception of those that are strictly necessary for the website’s operation.
Provide accurate and specific information about the data each cookie tracks and its purpose in clear, plain language before consent is obtained.
Document and securely store all consent received from users.
Ensure that users can access the Company’s services even if they choose to refuse certain cookies.
Make the process of withdrawing consent as straightforward and easy as the process of giving consent initially.
The ePrivacy Directive is the specific legal basis for cookie consent, complementing GDPR. Including this explicitly demonstrates a deeper understanding of the layered EU privacy framework and reinforces the legal necessity of the cookie banner and robust consent management.
10. Changes to This Privacy Policy
Champavin FZE may update this Privacy Policy periodically to reflect changes in its data practices, legal requirements, or technological advancements. Any modifications will be communicated by posting the revised Privacy Policy on this page and updating the “Last Updated” date at the top of the policy. Users are encouraged to review this Privacy Policy periodically for any changes.
11. Contact Us
For any questions or concerns regarding this Privacy Policy or Champavin FZE’s data practices, or to exercise any of your data protection rights, please contact the Company using the following details:
Company Name: Champavin FZE
Office Address: Office 803, Damac Executive Tower B, Business Bay, 35 Al A’amal Street, Dubai, UAE
Contact: Please use our contact form or email us at [email protected].
Phone Number: +971 50 100 8935!!!!
Conclusion
This Privacy and Cookie Policy for Champavin FZE represents a comprehensive framework built upon a deep understanding of global data protection principles, specifically those outlined in the EU General Data Protection Regulation (GDPR), the EU ePrivacy Directive, and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL). The policy demonstrates a proactive and sophisticated approach to data privacy, moving beyond mere compliance to actively foster user trust.
The commitment to not selling any personal data, explicitly stated and reinforced throughout the policy, is a foundational element that differentiates Champavin FZE’s data practices. Furthermore, the detailed explanation of data collection, processing purposes, and legal bases for each activity underscores a transparent operational model. The meticulous configuration of third-party services like Google Analytics, including IP anonymization and Consent Mode v2, along with the due diligence demonstrated in selecting and detailing Formspree’s security and compliance measures (e.g., SOC 2 Type II, SCCs), illustrates a robust approach to managing data processors.
The policy’s clear articulation of data subject rights under both GDPR and UAE PDPL, coupled with accessible mechanisms for exercising these rights, empowers individuals and reinforces the Company’s adherence to global best practices. The explicit acknowledgment that Fujairah Free Zone entities are subject to the federal UAE PDPL, rather than being exempt, highlights a precise understanding of the jurisdictional landscape and the associated compliance obligations and risks.
In essence, this policy synthesizes complex legal requirements into a clear, actionable document that prioritizes user privacy and data security. By detailing specific measures, providing transparent information, and offering accessible avenues for control, Champavin FZE aims to build and maintain strong trust with its users, ensuring that data handling practices are not only legally compliant but also ethically sound.