Data Protection

Last update: April 3, 2023

Privacy Notice

Compliance with data protection regulations is important for PAUL HARTMANN Middle East FZE (hereinafter referred to as "HARTMANN", "we" or "us").

We would therefore like to inform you about the processing of your personal data, in particular about the purposes of the respective data processing, the categories of data processed and about your rights.

1. Responsible party and contact information

Responsible party:

Dubai Airport Free Zone
Building 5WA, Office 601
United Arab Emirates
Phone: +971-4-2996996

Contact Data Protection:
Dubai Airport Free Zone
Building 5WA, Office 601
United Arab Emirates
Phone: +971-4-2996996

2. Legal bases and purposes of data processing

We process your personal data in accordance with the provisions of the Federal Decree Law No. 45 of 2021 on the Protection of Personal Data of the United Arab Emirates.

We process data to meet legal requirements, for purpose-oriented interests and/or in the context of pre-contractual/contractual measures. In addition, we process your personal data if it is necessary to protect our interests or the interests of third parties unless there are no overriding interests on your part (including fundamental rights and freedoms) that speak against such processing.

We process your personal data in particular for the following purposes:

2.1 Purpose in the context of pre-contractual/contractual measures which can be in particular:

  • Sending of information about products.
  • Consultation or contact after trade fairs etc.
  • Business partner due diligence.
  • Obtaining creditworthiness information (e.g., via credit insurer).
  • Fulfilment of contractual obligations and services.
  • Transfer of address data to logistics companies for the delivery and collection of goods.
  • Delivery of contractually ordered products and goods.
  • Transfer of billing data to billing centres and forwarding to cost units.
  • Execution of payment transactions.
  • Customer satisfaction surveys.
  • Sending of interesting information about products and promotions.

2.2 Purpose-oriented interests which can be in particular:

  • Exclusive customer information on products and advertising materials.
  • Product training courses.
  • Direct marketing measures.
  • Consultation or contact after trade fairs etc.
  • Customer satisfaction survey.
  • Measures for the further development of services and products.
  • Testing and optimisation of procedures for demand analysis.
  • Further development of existing systems and processes.
  • Statistical evaluations for corporate management.
  • Enrichment of our data, e.g., by using or researching publicly available data as far as necessary.
  • Transfer of data within our corporate group for internal administrative purposes.
  • Measures for controlling and optimizing business processes.
  • Assertion of legal claims and defence in the event of legal disputes which are not directly attributable to the contractual relationship.
  • Comparison with national, European, and other international sanctions lists as part of our compliance program to determine critical data (screening), insofar as this goes beyond the legal obligations. The comparison depends to a large extent on the matter in question and the circumstances of the individual case, i.e., on the risk forecast and the safety relevance of the specific activity.

2.3 Purpose to meet legal requirements or public interest

PAUL HARTMANN Middle East FZE is registered with the Dubai Airport Free Zone Authority ("DAFZA") in the Emirate of Dubai, United Arab Emirates, and like everyone who participates in the economic process, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g., according to the regulations of DAFZA, commercial and tax laws), but also, where applicable, regulatory or other official requirements (e.g., Ministry of Health regulations).

The purposes of processing may include identity and age verification as well as fraud and money laundering prevention (e.g., comparison with European and international anti-terrorist lists). In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution, or the enforcement of civil law claims.

3. Categories and origin of the personal data we process

When you contact us (by telephone, mail, or e-mail), your personal data will be processed for the purpose of handling your enquiry.

When you contact us via the contact form on our website, the information marked as mandatory in the contact form is required for the processing of your enquiry. As a rule, we delete inquiries 3 months after their receipt, at the latest, however, if they have been answered. In the event of statutory storage obligations to be observed, the deletion shall take place after their expiry.

So far as it is necessary for the decision on the establishment of a contractual relationship with you, we process, in addition to the personal data received directly from you, any legally obtained personal data from third parties.

We process in particular the following data categories:

  • Contact data (e.g., e-mail address, telephone numbers, address).
  • Content data (e.g., text input contact form, photographs, videos).
  • Contract data (e.g., subject matter of the contract, duration, customer category, username), in particular for the fulfilment of our contractual obligations and services, for the implementation of marketing measures based on our interests (e.g., in the context of customer satisfaction surveys).
  • Payment data (e.g., bank details, account details, credit card details, payment history).

5. Processing or transferring your personal data in a third country

Where possible, we will process your personal data on the territory of the United Arab Emirates. If, however, processing and thus at the same time transfer of your personal data to third countries (e.g., Germany) is necessary especially in connection with the use of service providers, we will ensure that the special legal requirements for such processing are met and that an adequate level of data protection exists in the third country and/or appropriate guarantees (e.g., standard contractual clauses) exist and that sufficient technical and organizational measures are in place to protect your personal data. We also will ensure that the enforcement of your rights is guaranteed.

6. Storage and deletion of your personal data

We process or store your personal data in principle only for the intended purpose and/or for the duration of a contractual relationship.

Your personal data stored by us will be deleted as soon as they are no longer required for their intended purpose and if there are no legal storage obligations to prevent deletion.

If the personal data are not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes. Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.

In accordance with the legal requirements, commercial documents and accounting records should be retained for a minimum period of 5 years under UAE laws.

7. Your rights

You only need to provide us with the personal data that we generally require for the execution of your inquiry, our services, that are necessary for the initiation, execution, and termination of a contractual relationship or that we are legally obliged to collect (e.g., to provide evidence to authorities).

Boxes marked with an asterisk (*) in our forms are mandatory. Without this personal data, we will generally not be able to provide our services or to conclude and carry out a contractual relationship with you. This may also refer to personal data that will later become necessary within the scope of a contractual relationship or the provision of services. If we request personal data from you in addition to this, your details are always voluntary.

In particular:

  • You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. Processing that has taken place before the revocation therefore remains lawful.
  • You have the right to request that your personal data are corrected if inaccurate or completed if incomplete.
  • You have the right to be informed about what type of personal data we process, the purpose of processing, how we control and store your personal data and if your personal data were transferred to a third party or country.
  • You have the right to restrict, suspend or stop the processing of your data if you believe that the data we are processing are incorrect or the data are being processed for a purpose that is not agreed. However, if there are overriding reasons for processing or if we are required by law to process your data to protect the rights of third parties or to protect the public interest, this may affect your right to do so.
  • You have the right to stop the processing of your data if the processing is for direct marketing purposes including profiling related to direct marketing or if the processing is for conducting statistical surveys.
  • You have the right to object to decisions issued based on automated processing, including profiling, if they have legal consequences for you. In case you have agreed by terms of contract or by consent to the processing, your right to object is limited to the agreed terms. Your right to object is in addition limited if the automated processing is necessary according to other legislation in force in the UAE.
  • You have the right to request the deletion of your personal data stored with us unless legal obligations restrict the deletion.

8. Security measures

We take the protection of your personal data seriously, and the protection of your data is considered as early as possible, including in the development and selection of hardware and software.

The security measures include in particular data protection friendly pre-settings, the encrypted transmission of data between your browser and our server, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to personal data, as well as access, input, disclosure, safeguarding of availability and segregation thereof. Third party security measures include in particular IP masking (pseudonymization of your IP address).

We have also established procedures to ensure the exercise of your rights, the deletion of your personal data and response to threats to your personal data.

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account state of the art technology, the nature, scope, circumstances, and purposes of the processing, as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons.