← Back to Home

Privacy Policy

Last Updated: January 6, 2025

1. Introduction

Maxerion L.L.C-FZ ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use VendorOne ("Service").

Our Privacy Commitments:

  • All data is stored in secure datacentres located in the United Arab Emirates
  • We do not sell, rent, or share your personal data with third-party marketing or data broker companies
  • We comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
  • You have full control over your data with rights to access, correct, and delete

2. Information We Collect

2.1 Information You Provide Directly

When you register and use the Service, we collect:

  • Account Information: Name, email address, phone number, job title, company name
  • Profile Information: Organization details, billing address, payment information
  • Vendor Data: Information about third-party vendors you manage (company names, contact details, licenses, certifications, insurance documents)
  • Communications: Support requests, feedback, survey responses

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, search queries
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, errors, performance metrics
  • Cookies and Similar Technologies: Session identifiers, preferences (see Section 8 for details)

2.3 Information from Third Parties

We may receive information from:

  • Government Databases: Public trade license and regulatory data for verification purposes
  • Payment Processors: Transaction status and payment confirmation
  • Authentication Providers: If you sign in via SSO (e.g., Microsoft, Google)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Provide vendor management and compliance features
  • Process payments and maintain billing records
  • Send transactional emails (alerts, confirmations, notifications)
  • Verify vendor information against government databases
  • Generate compliance reports and analytics

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Identify and fix technical issues
  • Conduct research and development
  • Create aggregated, anonymized analytics (no personal identifiers)

3.3 Communication

  • Respond to support requests and inquiries
  • Send important service updates and security alerts
  • Provide product announcements (you may opt out)

3.4 Security and Legal Compliance

  • Prevent fraud, abuse, and security threats
  • Enforce our Terms and Conditions
  • Comply with legal obligations and government requests
  • Protect the rights and safety of our users

4. Data Residency and Storage

UAE Data Residency Guarantee:

All customer data, including personal information and vendor data, is stored exclusively in secure datacentres physically located in the United Arab Emirates. We do not transfer your data outside the UAE without your explicit consent, except where required by law.

Our infrastructure partners include:

  • Cloud hosting providers with UAE datacentres (AWS Middle East, Microsoft Azure UAE)
  • Database services with UAE-based storage
  • Backup systems replicated within UAE regions

Data Retention: We retain your data for as long as your account is active, plus 30 days after termination for data recovery purposes. After this period, data is permanently deleted unless we are legally required to retain it (e.g., financial records for tax compliance).

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data in the following limited circumstances:

5.1 Service Providers

We work with third-party service providers who process data on our behalf:

  • Cloud Infrastructure: AWS, Microsoft Azure (UAE datacentres only)
  • Payment Processing: Stripe, PayPal (for subscription billing)
  • Email Delivery: Resend, SendGrid (transactional emails only)
  • Analytics: Anonymized usage analytics (no personal identifiers)

All service providers are contractually obligated to protect your data and use it only for providing services to us.

5.2 Legal Requirements

We may disclose data if required by UAE law, court order, or government regulation, including:

  • Responding to legal process (subpoenas, warrants)
  • Investigating fraud or security incidents
  • Protecting rights, property, or safety of Maxerion, users, or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity. We will notify you of any such change and your options.

5.4 With Your Consent

We may share data with third parties if you explicitly consent (e.g., integrations with your other software tools).

6. Data Security

We implement industry-standard security measures to protect your data:

6.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Database Security: Row-level security, isolated tenant data
  • Secure Backups: Encrypted, geographically distributed within UAE

6.2 Organizational Safeguards

  • Employee access limited on a need-to-know basis
  • Regular security training for all personnel
  • Background checks for employees with data access
  • Incident response plan and security monitoring
  • Regular security audits and penetration testing

6.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by UAE PDPL, including details of the breach and remediation steps.

7. Your Rights and Choices

Under UAE PDPL and our policies, you have the following rights:

7.1 Right to Access

You may request a copy of all personal data we hold about you. We will provide this within 30 days in a structured, machine-readable format.

7.2 Right to Correction

You may update or correct your account information at any time through your account settings. For assistance, contact our support team.

7.3 Right to Deletion

You may request deletion of your personal data, subject to:

  • Legal retention requirements (e.g., financial records)
  • Ongoing legal claims or investigations
  • Completion of pending transactions

Upon account deletion, data is retained for 30 days for recovery, then permanently deleted.

7.4 Right to Data Portability

You may export your vendor data at any time in CSV or Excel format directly from the Service.

7.5 Right to Restrict Processing

You may request that we limit processing of your data while we verify accuracy or assess legal grounds.

7.6 Right to Object

You may object to processing for marketing purposes (opt-out links in all marketing emails) or contest automated decision-making.

7.7 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@tenderone.com. We will respond within 30 days and may require identity verification.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze Service usage.

8.1 Types of Cookies We Use

Essential Cookies (Required)

Necessary for the Service to function. Cannot be disabled.

  • Session management and authentication
  • Security and fraud prevention
  • Load balancing

Functional Cookies (Optional)

Remember your preferences and settings.

  • Language and region preferences
  • Dashboard layout customization
  • Filter and search preferences

Analytics Cookies (Optional)

Help us understand how the Service is used (anonymized data only).

  • Page views and navigation patterns
  • Feature usage statistics
  • Performance monitoring

8.2 Cookie Consent

When you first visit our website, you will see a cookie consent banner. You can:

  • Accept All: Consent to all cookie types
  • Reject Optional: Only essential cookies will be used
  • Manage Preferences: Choose which optional cookies to allow

You can change your cookie preferences at any time through your browser settings or our cookie preference center (footer link).

8.3 Third-Party Cookies

We do not allow third-party advertising or tracking cookies. Any third-party cookies are limited to service providers (payment processors, support tools) and subject to their privacy policies.

9. Children's Privacy

The Service is intended for business use and not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete it promptly.

10. International Data Transfers

As stated in Section 4, all data is stored in UAE datacentres. We do not transfer data internationally except:

  • Technical Support: In rare cases, authorized support personnel may access data remotely (via encrypted, audited connections)
  • Legal Compliance: If required by UAE law enforcement or government agencies
  • Customer Request: If you explicitly request data export or integration with international services

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via:

  • Email to your registered address (at least 30 days before effective date)
  • In-app notification
  • Updated "Last Updated" date at the top of this page

Continued use after notification constitutes acceptance of the updated policy. If you disagree, you may terminate your account.

12. Regulatory Compliance

We comply with:

  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
  • Dubai International Financial Centre (DIFC) Data Protection Law where applicable
  • Telecommunications Regulatory Authority (TRA) regulations
  • Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements for financial transactions

13. Contact Us

For questions, requests, or complaints about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Maxerion L.L.C-FZ
The Meydan Hotel, Grandstand, 6th floor
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates

Email: privacy@tenderone.com
Email: dpo@maxerion.com

We aim to respond to all privacy inquiries within 30 days.

Complaints: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the UAE Office of Data Protection or relevant regulatory authority.

Privacy Summary

✓ We Do

  • Store data in UAE only
  • Encrypt all data
  • Give you full data control
  • Comply with UAE laws
  • Protect your privacy

✗ We Don't

  • Sell your data
  • Share with advertisers
  • Store data outside UAE
  • Track across websites
  • Use data without consent
Privacy Policy | VendorOne