Privacy Notice

Last updated: 8 April, 2024

Intro

Bashta (“Company” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our website (“Website”).

The Privacy Notice describes which of your personal data Website, how stores, processes, and uses it, and what happens when you use the Website.

About us

We are the controller of your personal data processed through the Website / App. This means that we determine the purposes and means of personal data processing.

Name Bashta
Address  Boulevard Plaza, Tower 2 Office 2402 Sheikh Mohammed bin Rashid Boulevard Downtown Dubai, PO Box: 334155 Dubai
Email [email protected] – for general and privacy inquiries

About you

When you visit the Website, you become our user (“User”). 

We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.

Type of User Description
Support Requester User who fills out the “Support” form on the Support topic on the Website / App
Potential Client User who fills out the “Contact us” form on the Website / App
Feedback Provider User who fills out the form to provide feedback on the Website / App
Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or the legal representative of such a User, please contact us.

Personal data

Sources of data

We receive your data when you visit the Website and interact with it, depending on your actions on the Website. 

You can change your personal data by exercising your right to rectification or by the Website functionality. Please note that the same lawful basis and storage terms apply to the changed data.

We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.

Lawful bases for processing

To process your personal data, we rely on the following lawful bases:

  • performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
  • legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
  • legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
  • consent — for additional specific purposes.

If we collect personal data on the basis of legitimate interest or performance of the contract, we can use it for another purpose after checking that the new purpose is compatible with the original purpose.

When your data processing is based on a legal obligation or performance of the contract, you are obliged to provide your personal data. We need this data to comply with legal requirements or to properly provide you with our services. The failure to provide such data may have negative consequences, such as tax liability, inability to enter into a contract or provide services to you, etc.

Users’ data

When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimise performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.

Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.

Data Reasons for processing Lawful basis
Information about the сoarse location (IP address, country) The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the Website Legitimate interest
Technical device information and network information (including IP address, HTTP user agent, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks)
Data storage
We store the data for 3 years from its collection

We also need cookies to operate, support, and improve the Website’s functionality.

Data Description Reasons for processing Lawful basis
Ncessary cookies Information that is necessary for the operation of the Website Improving your experience of using the Website Performance of the contract
Marketing cookies Marketing information used to match relevant advertising to you Marketing Consent
Preference cookies Information necessary for operating some services on the Website The operation of some services on the Website Consent
Statistics cookies Statistical data used to understand how you interact with the Website Improvement of the Website and analysis of the statistic for other purposese Consent
Data storage
Cookies Stored during the expiry period provided in our Cookie Policy.

Potential Clients’ data

When we collect the personal data:

Data Reasons for processing Lawful basis
Name We need this data in order to understand the context of our future communication and to get into precontractual agreements.  Performance of the contract
Email
Position
Company data
Additional data (provided by User)
KYC data Verify you as a user Legal obligation
Data storage
Based on legal obligation. Stored for 6 years.
Based on performance of the contract. Stored for 3 years from last interaction with us.

Support Requester’ data

When we collect the personal data:

Data Reasons for processing Lawful basis
Common data Name, email
Verification data Complete privacy or other legal requests Legal obligation
Type and context of request
Logs Help with the service Performance of the contract
Attachments
Attachments other Legitimate interest / performance of the contract
Data storage
Based on legal obligation. Stored for 6 years.
Based on performance of the contract. Stored for 3 years from last interaction with us.

Marketing data

When we collect the personal data:

Data Reasons for processing Lawful basis
Name Marketing activities Consent
Email
Data storage
Data that is processed based on consent. Stored for 2 years from collection, if you do not withdraw consent.

Data sharing with third parties

We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organisational and technical measures to ensure the security of personal data during data transfer to third-party.

Third parties Description
Analytics tools We use analytics tools to understand and promote our business.
Payment services We use payment services to process your payments and other transactions.
Social networks We use various social networks to spread information about our activities.
Messengers We use messengers to communicate with you in ways that are convenient for you.
Data storage services We use various cloud services that allow us to securely store data on remote servers.
Contractors, services providers on Website / App We cooperate with service providers and contractors to provide you with their services, operate, develop and improve the features and functionality of the Website / App, fulfill your support requests, complete payment transactions, etс.
Providers of the services our team use We use CRM systems, messengers, and other services in our organisation to provide you with our services.
State authorities, courts, law enforcement agencies, etc We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:

  • to comply with a government request, court order, or applicable law;
  • to prevent unlawful use of the Website / App;
  • to protect against claims of third parties;
  • to help prevent or investigate fraud.
To get a detailed list of the third-party recipients of your personal data, contact us.

To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.

Data sharing outside the European Economic Area

The personal data we collect is stored in ______.

We may share personal data with the recipients of other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation.

To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. 

If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

You can read more detailed measures to protect your personal data here.

Data protection

We are regularly certified by ISO 27001 Standard. 

We apply a variety of security measures appropriate to the possible risks.

Organisational measures
Staff training Internal policies and instructions
Non-disclosure agreements (NDA) Transfer protection
Access control mechanism
Physical measures
Video monitoring Signalling
Limited access to premises Round the clock security
Technical measures
Two-factor authentication Backups
Firewalls Encryption of data
Implementation of HTTPS End-to-end encryption

Data subjects rights

You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.

European Economic Area and United Kingdom residents

Right Description
Right to access You can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law.
Right to rectification You can change the data if it is inaccurate or incomplete.
Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restrict the processing You may partially or completely prohibit us from processing your personal data in cases provided by law.
Right to data portability You can request all the data you provided to us and request to transfer data to another controller.
Right to object You may object to the processing of your personal data that is collected on the base of legitimate interest.
Right to withdraw consent You can withdraw your consent at any time.
Right to file a complaint If your request was not satisfied, you could file a complaint to the regulatory body.
To exercise your rights, contact us
For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.
For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns.

UAE residents

Right Description
Right to access You can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law.
Right to rectification You can change the data if it is inaccurate or incomplete.
Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
To exercise your rights, contact us

Cookies

We use cookies that are needed for the Website’s operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Policy.

If you want to turn off cookies, you can find instructions for managing your browser settings at these links:

Privacy Notice updates

This Privacy Notice is developed according to the General Data Protection Regulation, other applicable privacy laws, and best privacy practices.

Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the Website / App.

If there are material changes to the Privacy Notice or the Website  that affect your data privacy rights, we will notify you by displaying information on the Website and, if necessary, ask for your consent.