Vendor Consent for Personal Data Protection Law Compliance
Tahaluf Al Emarat Technical Solutions L.L.C (Tahaluf) has obtained below mentioned personal data, personally identifiable information, sensitive personal information, and company information from you ( vendor) as part of vendor registration and empanelment process which are kept in our database for all internal processing activities.
- Vendor company/ entity information and address/ emails.
- Contact information of vendor company/ entity.
- Detail information about vendor company/ entity including ownership, trade license details, VAT details, etc.
- Bank account details, Contact person details, and supporting documents were uploaded.
Tahaluf here declares that information with us will be used for internal business processes, management, and administrative purpose, auditing purposes, project or customer contract compliance, exchanging information with banks, insurance companies, auditors, government agencies, tenders submissions, proposals build, sales and presales, marketing purposes. Information obtained from you enables us to run the business and manage our relationship with you effectively, lawfully, and appropriately.
In case it is required for us, we will be sharing the data/ information with government authorities, and third-party/ parties for any specific statutory, obligatory, legal, and company operational requirements, and if required Tahaluf may transfer the vendor data/ information to third parties (outside of the country where you as a vendor engaged with us) for processing purposes.
Tahaluf has signed contractual agreements with all third parties who are exposed to personal data, personally identifiable information, sensitive personal information, and company information to protect the data/ information and limit the processing activities to the purpose for which it is shared.
Vendor data/ information will, of course, inevitably be referred to in many company documents and records that are exposed to Tahaluf employees in the course of carrying out the internal operations and the business of the company.
In case you as a vendor do not want to do business with Tahaluf and opt out of the consent provided earlier and want all data and information which are personally identifiable (limited to vendor registration only) to be deleted from our database, you can do so by writing a mail to procurement email@example.com, Tahaluf will do so.
You have the right to obtain and rectify personal data, personally identifiable information, sensitive personal information, and company information by providing requirement details or rectification details through mail communication to firstname.lastname@example.org
We will erase your data which are personally identifiable (limited to vendor registration only) from our database for further processing or archive your data in the following scenarios:
- When vendor data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- If the vendor withdraws consent and where there is no other legal or legitimate ground for the processing data.
- 10 years of no interaction/ no business activity between Tahaluf and the vendor.
Upon your written request, we will provide you notification over mail regarding rectification, erasure, of data information provided earlier, or restrictions over processing of your personal data stating the details.
Tahaluf has implemented all technical controls for data protection and privacy, in case there is any incident of a data breach or data leakage to un-authorized stakeholders/ parties unless the breach is controlled or rectified Tahaluf will notify you with a detailed analysis of the data breach and impact within 72 hours of a breach.
You agree that in event of any data breach by Tahaluf or data leakage to un-authorized stakeholders/ parties or breach of UAE Data Protection law or General Data Protection Regulation GDPR, Tahaluf’s liability in this regard (if any) shall be limited to the value of contract / LPO executed between us during the duration of 6 months which followed the breach or the year which the breach has occurred whichever is less.
This consent is released in compliance with the United Arab Emirates Personal Data Protection Law and shall be governed by it and the Courts of the United Arab Emirates.