Privacy Policy

1. Introduction

Nur Opus Ltd ("we," "us," or "our") is a company registered in the Dubai International Financial Centre (DIFC). We are committed to protecting your privacy and handling your personal data in compliance with the DIFC Data Protection Law No. 5 of 2020, as amended (the "DIFC DP Law").

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website or interact with our services.

2. Data Controller

Nur Opus Ltd is the data controller responsible for your personal data. For any data protection inquiries, please contact us at:

3. Personal Data We Collect

We collect minimal personal data necessary to operate our website and respond to your inquiries:

We do not collect sensitive or special category personal data.

4. Lawful Basis for Processing

Under the DIFC DP Law, we process your personal data based on the following lawful bases:

• Consent: When you voluntarily submit your email address through our contact form, you consent to us processing this data to respond to your inquiry.
• Legitimate Interests: To operate and improve our website and services.

5. How We Use Your Data

We use the personal data we collect solely for the following purposes:

• To respond to your inquiries and communications
• To provide information about our research and services
• To comply with legal obligations under DIFC law

6. Data Sharing and Disclosure

We may disclose your personal data only in the following limited circumstances:

• Service Providers: Trusted third-party service providers who assist us in operating our website (e.g., hosting providers), bound by contractual obligations to protect your data.
• Legal Requirements: When required by law or in response to valid requests by public authorities in accordance with Article 28 of the DIFC DP Law.
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the DIFC. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with the DIFC DP Law, including:

• Transfers to countries with adequate data protection standards
• Standard contractual clauses approved by the DIFC
• Your explicit consent where applicable

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: Retained for up to 2 years from the date of submission, unless ongoing communication requires longer retention.
• Legal compliance: Data may be retained longer if required by law.

After the retention period, personal data is securely deleted or anonymised.

9. Your Rights

Under the DIFC DP Law, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restriction: Request restriction of processing.
• Right to Data Portability: Request transfer of your data.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@nuropus.com. We will respond within 30 days.

10. Complaints

If you believe your data protection rights have been violated, you have the right to:

• Lodge a complaint with the DIFC Commissioner of Data Protection
• Bring a private action in the DIFC Courts for compensation (financial or non-financial)

We encourage you to contact us first so we can address your concerns directly.

11. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

12. Cookies and Analytics

Our website uses Vercel Analytics, which collects anonymised, aggregated usage data to help us understand how visitors use our site. This data does not personally identify you. For more information, please see Vercel's Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.