1. Introduction

• Overview: Welcome to Marriage Market, an online platform dedicated to connecting wedding suppliers and couples planning their weddings. This Privacy Policy outlines how Marriage Market L.L.C-FZ (“Marriage Market,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal data when you use our website and services.
• Purpose of the Privacy Policy: The purpose of this Privacy Policy is to inform you about the types of personal data we collect, how we process it, the purposes for which we use it, and your rights regarding your personal data.
• Scope and Applicability: This Privacy Policy applies to all users of the Marriage Market platform, including both suppliers and couples, and covers all interactions with our website and services.

Definitions:

• “Platform”: Refers to the Marriage Market website and any future mobile applications.
• “Supplier”: Any business or individual offering wedding-related services and advertising on the Platform.
• “Couple”: Users of the Platform planning a wedding.
• “Personal Data”: Any information relating to an identified or identifiable natural person.
• “Processing”: Any operation performed on personal data, whether automated or not, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, erasure, or destruction.

2. Data Controller and Contact Information

Identity of the Data Controller: Marriage Market L.L.C-FZ is the data controller responsible for your personal data.

Contact Information:

• Email: privacy@marriage.market
• Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.

3. Data Collection

Types of Data Collected:

• Personal Data: Name, email address, phone number, postal address, payment information, and any other information you provide to us.
• Sensitive Personal Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
• Non-Personal Data: Data that does not directly or indirectly reveal your identity, such as browser and device information, usage data, and aggregated data.

Methods of Data Collection:

• Direct Collection: Information you provide directly to us when creating an account, booking services, or contacting customer support.
• Automated Collection: Information is collected automatically through cookies, web beacons, and other tracking technologies when you use our Platform.
• Third-Party Sources: Information we receive from third parties, such as social media platforms, payment processors, and marketing partners.

4. Legal Basis for Data Processing

• Consent: We process your personal data based on your explicit consent, which you can withdraw at any time.
• Contractual Necessity: We process your personal data as necessary to perform our contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: We process your personal data to comply with legal and regulatory obligations.
• Legitimate Interests: We process your personal data based on our legitimate interests, such as improving our services, securing our platform, and marketing our services, provided that these interests are not overridden by your fundamental rights and freedoms.
• Vital Interests: We process your personal data to protect your vital interests or those of another person.
• Public Task: We process your personal data in the public interest or in the exercise of official authority vested in us.

5. Purpose of Data Processing

• Account Creation and Management: To create and manage your account, verify your identity, and provide customer support.
• Service Delivery: To deliver our services, process transactions, and communicate with you about your bookings and interactions with suppliers.
• Customer Support: To respond to your inquiries, resolve issues, and improve your experience on our Platform.
• Marketing and Advertising: To send you promotional materials, offers, and other information that may be of interest to you, based on your preferences.
• Legal and Compliance: To comply with legal obligations, enforce our terms and conditions, and protect our rights, privacy, safety, and property.
• Analytics and Improvement of Services: To analyse how our Platform is used, monitor and improve our services, and develop new features and offerings.

6. Data Sharing and Disclosure

• Third-Party Service Providers: We share your personal data with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer support.
• Legal Requirements: We disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
• Business Transfers: We may transfer your personal data in connection with a merger, acquisition, or sale of all or a portion of our assets. You will be notified via email and/or a prominent notice on our Platform of any change in ownership or use of your personal data.
• Affiliates and Subsidiaries: We share your personal data with our affiliates and subsidiaries for purposes consistent with this Privacy Policy.
• Public Authorities: We may disclose your personal data to public authorities where required by law or as necessary to protect our rights and interests.

7. International Data Transfers

• Transfers Within the GCC: We may transfer your personal data to countries within the GCC where we or our service providers operate.
• Transfers Outside the GCC: If we transfer your personal data to countries outside the GCC, we ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or binding corporate rules.
• Adequacy Decisions and Safeguards: We ensure that any international transfers of personal data are based on adequacy decisions by relevant authorities or are subject to appropriate safeguards, such as data protection agreements.
• Binding Corporate Rules: Where applicable, we may rely on binding corporate rules approved by relevant authorities to ensure adequate protection of your personal data.
• Standard Contractual Clauses: We use standard contractual clauses approved by relevant authorities as a legal mechanism for transferring personal data outside the GCC.

8. Data Retention

• Retention Periods: We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
• Criteria for Determining Retention Periods: The retention period for personal data is determined based on the nature of the data, the purposes for processing, and applicable legal requirements.
• Data Deletion Procedures: Once the retention period expires, we securely delete or anonymise your personal data in accordance with applicable laws and regulations.

9. Data Security

• Technical and Organisational Measures: We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction.
• Data Encryption: We use encryption technologies to protect your personal data during transmission and storage.
• Access Controls: We limit access to your personal data to authorised employees, contractors, and service providers who need access to perform their job duties.
• Incident Response Plan: We have an incident response plan in place to handle any data breaches or security incidents, including procedures for notifying affected individuals and authorities as required by law.

10. User Rights under GDPR

• Right to Access: You have the right to request access to your personal data and obtain information about how we process it.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
• Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.

11. User Rights under UAE and GCC Laws

• Access to Personal Data: You have the right to request access to your personal data and obtain information about how we process it.
• Correction of Personal Data: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Deletion of Personal Data: You have the right to request deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Objection to Processing: You have the right to object to the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.
• Complaint Mechanisms: You have the right to lodge a complaint with the relevant data protection authority if you believe that your rights have been violated.

12. User Rights under USA Laws

California Consumer Privacy Act (CCPA): If you are a California resident, you have the following rights under the CCPA:

• Right to Know: You have the right to request information about the categories and specific pieces of personal data we have collected about you, the sources of that data, the purposes for which we collect it, and the third parties with whom we share it.
• Right to Delete: You have the right to request the deletion of your personal data, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the sale of your personal data to third parties.
• Right to Non-Discrimination: You have the right to not be discriminated against for exercising your privacy rights under the CCPA.

Other US Privacy Laws: Depending on your state of residence, you may have additional rights under state-specific privacy laws. Please refer to the relevant state privacy laws for more information.

13. Exercising Your Rights

• How to Make a Request: To exercise your rights under GDPR, UAE and GCC laws, or USA laws, please contact us using the contact details provided in this Privacy Policy. We will respond to your request in accordance with applicable laws and within the statutory timeframe.
• Verification of Identity: To protect your privacy and maintain security, we may take steps to verify your identity before granting you access to your personal data or complying with your request.
• Response Time: We aim to respond to all legitimate requests within one month. If your request is particularly complex or if you have made multiple requests, it may take us longer to respond. In such a case, we will notify you and keep you updated.

14. Cookies and Tracking Technologies

Use of Cookies: We use cookies and similar tracking technologies to collect and store information about your use of our Platform. Cookies are small text files that are placed on your device when you visit a website.

Types of Cookies We Use:

• Essential Cookies: These cookies are necessary for the operation of our Platform and enable you to use its features.
• Performance Cookies: These cookies collect information about how you use our Platform, such as which pages you visit most often, and help us improve our services.
• Functionality Cookies: These cookies allow our Platform to remember the choices you make and provide enhanced, more personalised features.
• Targeting Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests.

Managing Cookies: You can manage your cookie preferences through your browser settings. Please note that if you disable cookies, some features of our Platform may not function properly.

15. Children’s Privacy

• Age Restrictions: Our Platform is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18.
• Parental Consent: If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete such data from our records.
• Reporting Unauthorised Collection: If you believe that we might have any information from or about a child under 18, please contact us using the contact details provided in this Privacy Policy.

16. Data Breach Notification

• Data Breach Procedures: In the event of a data breach that affects your personal data, we have procedures in place to address the breach promptly and effectively, including steps to mitigate the breach and prevent future occurrences.
• Notification to Users: If a data breach occurs that poses a high risk to your rights and freedoms, we will notify you without undue delay. This notification will include information about the nature of the breach, the likely consequences, and the measures we have taken to address the breach.
• Notification to Authorities: We will also notify the relevant data protection authorities of the data breach in accordance with applicable laws and regulations.

17. Data Protection Principles

• Lawfulness, Fairness, and Transparency: We process your personal data lawfully, fairly, and in a transparent manner. We provide clear information about our data processing practices and your rights.
• Purpose Limitation: We collect your personal data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
• Data Minimisation: We collect only personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that your personal data is accurate and, where necessary, kept up to date. You have the right to request correction of any inaccurate or incomplete personal data.
• Storage Limitation: We retain your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our data retention policies.
• Integrity and Confidentiality: We process your personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

18. Data Protection Impact Assessments (DPIAs)

• When DPIAs are Conducted: We conduct Data Protection Impact Assessments (DPIAs) when processing personal data that is likely to result in a high risk to the rights and freedoms of individuals, particularly when using new technologies.
• Purpose of DPIAs: The purpose of DPIAs is to identify and mitigate risks to the privacy of individuals arising from the processing of their personal data.
• DPIA Process: The DPIA process involves assessing the nature, scope, context, and purposes of the processing, identifying potential risks to individuals, and implementing measures to mitigate those risks.

19. Changes to This Privacy Policy

• Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors.
• Notification of Changes: We will notify you of any significant changes to this Privacy Policy by posting the updated policy on our Platform and updating the effective date at the top of the policy. In some cases, we may also notify you by email or other means.
• Continued Use of the Platform: Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

20. Third-Party Links

• Links to Other Websites: Our Platform may contain links to third-party websites or services that are not owned or controlled by Marriage Market. We are not responsible for the privacy practices of these third-party websites or services.
• Review of Third-Party Privacy Policies: We encourage you to review the privacy policies of any third-party websites or services before providing any personal data to them.
• Disclaimer of Responsibility: Marriage Market disclaims any responsibility or liability for the actions or policies of third parties.

21. Contact Information

Questions and Concerns: If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us using the following details:

• Email: privacy@marriage.market
• Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.

Response Time: We aim to respond to all inquiries within a reasonable timeframe. Urgent issues should be clearly marked as such in the communication.

By using the Marriage Market Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.