Customer Privacy Notice
1.Introduction
Purpose of this Notice
This Customer Privacy Notice (“Notice”) is provided by Global IT International FZ-LLC (“Global IT,” “we,” “us,” or “our”). Its purpose is to inform you, as a customer or a representative/employee/officer of a company that is our customer, about how we collect, use, disclose, transfer, and protect your personal data during the process of purchasing and using our products or services. We are committed to ensuring transparency and compliance with the United Arab Emirates, Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data (“PDPL”) and adhering to internationally recognized data protection principles.
Who We Are
Global IT International FZ-LLC (“Global IT”), registered in Dubai Internet City, Building 16, Office 240-241 Al Sufouh 2 Area P.O. Box 502318 Dubai- UAE, is the entity responsible for deciding how your personal data is processed. Under the PDPL, this makes us the ‘Controller’ of your personal data.
Our Commitment to Your Privacy
We are dedicated to processing your personal data lawfully, fairly, and transparently. We respect your privacy rights and strive to implement robust technical and organizational measures to safeguard your data. Our practices are designed to align with the core principles of data protection, including purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality, as mandated by the PDPL.
Scope of this Notice
This Notice applies to the personal data processing activities undertaken by Global IT in relation to its customers. It covers data collected during the purchasing process and throughout your use of our products and services.
2.The Personal Data We Collect and Process
What is Personal Data?
‘Personal Data’ refers to any information relating to an identified or identifiable natural person (referred to as a ‘Data Subject’). This includes information that can directly identify you (like your name or identification number) or indirectly identify you when combined with other information (such as your job title within a specific company). ‘Processing’ encompasses almost any action performed on personal data, including collecting, recording, organizing, storing, using, disclosing, transferring, or deleting it.
Categories of Personal Data Processed
To manage our business relationship with you and operate our business effectively, we need to process certain categories of your personal data. The specific data processed may vary depending on your circumstances, but typically includes:
- Identification Data: Full name, signature, and T.R. identity number.
- Contact Information: Address, telephone number, and email address.
- Professional Experience Data: The company you represent, your title, and position.
- Customer Transaction Data: Contract name, contract date, trade name, information on products/services sold, tax office, tax identification number, current account status, payment information, and taxpayer details.
- Legal Transaction Data: Contract signature information.
3.How We Use Your Personal Data and Our Legal Basis for Processing
Purpose Limitation
We are committed to the principle of purpose limitation, meaning we collect and process your personal data only for specified, explicit, and legitimate purposes directly related to our business relationship and operational needs.
Lawful Basis for Processing
We only process your personal data when we have a valid legal ground (lawful basis) to do so under the PDPL. The primary legal bases we rely upon are:
- Contractual Necessity: Processing necessary for the establishment or performance of a contract.
- Legal Obligation: Processing necessary to comply with our legal or regulatory obligations under UAE law (e.g., related to tax or commercial law).
- Legitimate Interests: Processing necessary for our legitimate interests (or those of a third party), provided these interests are not overridden by your fundamental rights and freedoms.
- Establishment, Exercise, or Defense of Legal Claims: Processing that is mandatory for the establishment, exercise, or protection of a right, such as for the purposes of legal proceedings, data retention, and archival activities.
Purposes and Legal Bases Table
The following table outlines the main purposes for which we process your personal data and the corresponding primary legal basis under the PDPL.
| Purpose of Processing | Examples of Personal Data Categories Used (Illustrative) | Primary Legal Basis under PDPL |
| Contract Establishment Processes (Preparing, signing, and managing contracts for the purchase of products or services) | Identification Data, Contact Info, Professional Experience Data, Customer Transaction Data, Legal Transaction Data | Contractual Necessity |
| Customer Relationship Management (Execution of product/service sales and operations, contract processes, and post-sales support services) | Identification Data, Contact Info, Professional Experience Data, Customer Transaction Data, Legal Transaction Data | Contractual Necessity, Establishment, Exercise, or Defense of Legal Claims |
| Financial Processes (Managing invoices, accounting records, and financial processes) | Identification Data, Contact Info, Professional Experience Data, Customer Transaction Data | Legal Obligation |
4.Data Sharing and International Transfers
Sharing with Third Parties
Your personal data may be transferred to official authorities (such as ministries) as stipulated by law, within the purposes and limitations prescribed by law, if requested in cases explicitly stated in the legislation.
Your personal data may also be shared with the following parties:
- Data hosting providers for the purpose of securely hosting and backing up data.
- Customer relationship management (CRM) application providers for the purpose of executing CRM processes.
- E-mail communication service providers located domestically or abroad, for the purpose of carrying out communication activities.
- Tax&Finance apps providers and the Tax Administration for the purpose of ensuring compliance of our activities with legislation.
- Government authorities, regulators, law enforcement agencies
- Courts and tribunals in connection with legal proceedings.
Sharing within Global IT Group
As a multinational organization, your personal data may be shared with other entities within the Global IT group located in various countries, primarily Turkey, for the purposes of conducting administrative, technical, and commercial activities (e.g., sales and technical support operations, legal compliance, global reporting).
International Data Transfers
Your personal data may be transferred to, stored, and processed in countries outside of the UAE where GLOBAL IT group entities or our third-party service providers are located.
5.Data Retention
We adhere to the principle of storage limitation, meaning we will retain your personal data in a form that permits identification only for as long as is necessary to fulfill the purposes for which it was collected. Our retention periods are determined based on legal and regulatory requirements under UAE law, operational needs, and the necessity to retain data for potential legal claims. Once the retention period expires, your personal data will be securely deleted or anonymized so that it can no longer be associated with you.
6.Your Data Subject Rights
Under the PDPL, you have several rights concerning your personal data. These rights allow you to maintain control over your information. Subject to certain legal limitations and requirements, your rights include:
- Right to Access: You have the right to request confirmation of whether we process your personal data and, if so, to access a copy of that data along with information about how we process it (e.g., purposes, categories, recipients, retention periods).
- Right to Rectification (Correction): If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion.
- Right to Erasure (‘Right to be Forgotten’): You can request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes it was collected, you withdraw consent (if consent was the basis), or the processing is unlawful. This right is not absolute and may be subject to legal overrides (e.g., if we need to retain data to comply with a legal obligation).
- Right to Restrict Processing: You can request that we limit the processing of your personal data in certain situations, for example, if you contest the accuracy of the data or object to processing based on legitimate interests, pending verification.
- Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights
To exercise any of these rights, please contact the designated point of contact using our contact details provided in Section 7 below. We may need to verify your identity before processing your request. We will respond to your request within the timeframe specified by the PDPL (typically one month, potentially extendable for complex requests), explaining the actions taken or the reasons if we are unable to fully comply with your request due to legal limitations.
7.Contact Information and Updates
Contact Point
If you have any questions about this Privacy Notice, how we handle your personal data, or if you wish to exercise your data subject rights, please contact us.
- Global IT Internatıonal FZ-LLC
- Dubai Internet City, Build. 16, Office 240-241, Al Sufouh 2 Area P.O. Box 502318 Dubai UAE
- privacy@globalit.co.ae
Updates to this Notice
We may update this Privacy Notice from time to time to reflect changes in our processing activities, legal requirements, or best practices. The Privacy Notice is effective as of the date it is posted on our website. We recommend that you review this Notice regularly.
Date of Last Update: 01.09.2025