DIGITAL WORKPLACE – PRIVACY POLICY
Effective Date: 20 October 2025
Headquarters: Dubai, United Arab Emirates
Hosting: AWS Middle East (UAE Region)
Contact: support@digitalworkplace.me
1. Introduction
Welcome to Digital Workplace (“DWP”, “we”, “us”, or “our”). We are committed to protecting your privacy and your organisation’s information. This Privacy Policy explains how we collect, use, disclose, and safeguard data related to your participation in the Digital Workplace Certification programme and associated assessments, benchmarking, and improvement services (the “Services”).
This Policy complies with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and aligns with leading international privacy frameworks applicable across the GCC and globally.
We abide by the principles of lawfulness, fairness, and transparency in all aspects of personal data processing, ensuring that our handling of personal information is legitimate, just, and clear to individuals.
Whenever we collect personal data, we provide clear and honest notice to individuals about the nature of the data and the purposes for which it will be used, unless we are legally prevented from doing so.
2. Who We Are
Digital Workplace delivers regional certification and benchmarking frameworks that evaluate digital readiness and workplace maturity.
For the purposes of this Policy, Digital Workplace, registered in Dubai, United Arab Emirates, acts as the data controller responsible for determining the purposes and means of processing personal data.
For all privacy queries or requests, email support@digitalworkplace.me
Our systems are hosted on AWS Middle East (UAE Region).
3. Information We Collect
- Organizational & Account Information
• Organization name, industry, size, and location
• Authorized users’ names, titles, emails, and roles
• Billing details and contract information - Assessment & Certification Data
• Survey responses and audit inputs
• Uploaded policies, procedures, and supporting documents
• Scores, tier levels, and improvement roadmaps - Communication & Support Data
• Emails, tickets, meeting notes, feedback, and surveys - Technical & Website Data
• Device type, IP address, browser, log files
• Analytics events and cookies (essential + performance only)
We do not collect biometric, behavioural, or personal consumer data.
We also adhere to the principles of data minimization and accuracy, collecting only what is necessary for the stated purposes and striving to keep personal data accurate and up-to-date.
4. How We Use Your Information
We use data to:
• Deliver, manage, and improve the certification process
• Validate evidence and generate benchmark reports
• Provide technical support and client communications
• Issue certifications and manage re-certification cycles
• Analyse aggregated benchmarks for research and quality improvement
• Send optional updates, webinar invitations, or insights (with opt-out rights)
• Comply with legal obligations and prevent misuse
We will only process personal data for the above specified lawful purposes or other purposes that are compatible with the original intent. If we ever need to use personal data for a new purpose not outlined here, we will ensure it is permitted under applicable law or obtain your consent (or another appropriate legal basis) before such further processing.
5. Legal Basis for Processing
Our processing relies on:
• Contractual necessity (performing the Services)
• Legitimate interests (service improvement, security, fraud prevention)
• Legal obligation (UAE PDPL and applicable laws)
• Consent (for optional marketing/communications where required)
- Sensitive Personal Data
DWP does not intentionally collect sensitive personal data as part of the Services. If such data is required or provided for any reason, we will process it only when absolutely necessary and in strict accordance with the UAE PDPL (for example, by obtaining explicit consent or as otherwise permitted by law), and we will apply additional safeguards to protect its confidentiality and security.
6. Data Retention
Digital Workplace retains data only for as long as necessary to fulfil the purposes described in this Policy, and in accordance with legal and operational requirements.
- Assessment and Certification Data are typically retained for 24 months following project completion.
This period supports the full certification lifecycle, including the 12-month validity period and the optional re-certification and benchmarking phase. - Contracts, invoices, and billing records are retained for seven years, in line with UAE Commercial Companies Law and applicable tax-audit requirements.
- System and access logs are maintained for 12 to 24 months to support platform security, troubleshooting, and forensic investigation, while respecting the data-minimization principle under the UAE PDPL.
- Marketing and communication consents are stored only until withdrawn, ensuring compliance with privacy laws that require consent to remain valid solely while actively granted.
We periodically review retention periods for appropriateness and lawfulness. When data is no longer required, it is securely deleted or anonymised in accordance with DWP’s internal Data Retention and Disposal Policy.
You may request deletion or anonymisation at support@digitalworkplace.me
7. Data Sharing & Sub-Processors
We may share limited data with:
• Trusted service providers (hosting, analytics, email, payment)
• Accreditation or verification partners (for badge validation)
• Professional advisors or authorities (when legally required)
• Subcontractors operating under equivalent confidentiality and data-processing terms
DWP executes written Data Processing Agreements (DPAs) with all sub-processors, contractually requiring them to uphold confidentiality, implement adequate data protection safeguards, and process personal data only on our instructions and for specified purposes.
Where required, DWP will execute a Data Processing Agreement (DPA) defining roles, retention, and safeguards.
DWP does not sell or rent data.
8. International Transfers
Primary data is hosted in the AWS UAE Region. If cross-border processing is necessary (e.g., global benchmarking for multi-country clients), we apply appropriate safeguards recognised under the UAE PDPL and international best practice to protect transferred data.
9. Security Measures
We apply industry-standard controls including encryption in transit and at rest, role-based access, multi-factor authentication, periodic security assessments, logging/monitoring, and vendor due diligence.
If we identify a data breach that may affect your rights or interests, we will notify you and (where applicable) regulators in line with UAE PDPL requirements.
All DWP personnel with access to personal data are bound by confidentiality obligations and receive regular data protection training to ensure they understand and uphold our privacy and security standards.
10. Your Rights
Subject to law and applicable exemptions, you may access, rectify, delete, restrict, or export your personal data, object to certain processing, or withdraw consent (where processing is based on consent).
If you withdraw your consent, we will cease processing your data for the relevant purpose; however, such withdrawal will not affect the lawfulness of any processing performed prior to the withdrawal.
How to submit a request: email support@digitalworkplace.me with sufficient details for verification.
Verification: we may ask for information to confirm identity and authority (for authorised representatives).
Response time: we endeavour to respond within statutory timeframes under the UAE PDPL.
11. Public Verification Portal
Certified organisations will appear in the official Digital Workplace Public Verification Portal, which displays the organisation name, certification tier, country, and validity dates.
This listing is an integral part of the certification process to ensure transparency and public trust in awarded statuses.
If an organisation has legal or contractual reasons preventing publication, it may request an exception in writing at support@digitalworkplace.me, which DWP will review on a case-by-case basis.
12. Cookies & Analytics
DWP uses essential and performance cookies to enable secure login sessions, remember user preferences, and measure platform performance.
We do not use advertising or profiling cookies.
You may disable cookies in your browser settings; however, some site functions may not operate correctly.
13. Future Compliance Commitment
Digital Workplace continuously reviews and strengthens its data protection, information security, and quality management practices to meet regional and international best-practice standards.
For any new processing activities that present a high risk to personal data privacy, DWP will conduct Data Protection Impact Assessments (DPIAs) in advance to identify and mitigate potential risks.
14. Complaints
If you have concerns about how we process your data, please contact support@digitalworkplace.me. You may also have the right to contact the competent UAE supervisory authority under the PDPL.
15. Changes to this Policy
This Policy may be updated periodically. The latest version and effective date will always be displayed on our website.
16. Legal Information
- Trademark Name: Digital Workplace™
- Registration No.: 453711
- Category: 35 (Management consulting, marketing research, and consulting)
- Owner: SMC
- Registered Address: Office No. 2, Unit 0207, Al Ghurair Properties, Deira, Al Muteena, Dubai, UAE
- Registered Date: 25 August 2025
- Validity: Until 24 June 2035 (renewable every 10 years)
The term Digital Workplace™ is a registered trademark (Registration No. 453711) under Class 35 with the Ministry of Economy and Tourism of the United Arab Emirates. The trademark is owned by SMC under licence No. 0207, Al Ghurair Properties, Deira, Al Muteena, Dubai, United Arab Emirates. All rights are reserved. Unauthorized reproduction or use of this mark, logo, or associated materials is strictly prohibited.
17. Contact
Digital Workplace, Dubai — United Arab Emirates
support@digitalworkplace.me