Privacy Protocol

Blue Royal Group of Companies ("We", "Our", "Us") operates as the primary Data Controller. In our commitment to absolute transparency and regulatory compliance under the UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL), as well as the General Data Protection Regulation (GDPR), we enforce stringent protocols regarding the collection of your personal and corporate data.

The scope of data we collect is directly proportional to the services you request, whether that involves labor supply contracting, corporate partnership, or direct employment. This includes, but is not limited to:

• Personally Identifiable Information (PII): Full legal names, dates of birth, nationalities, passport numbers, Emirates ID details, and residential addresses. This is strictly required for visa processing, Ministry of Human Resources and Emiratisation (MOHRE) compliance, and security clearances for high-profile engineering sites.
• Corporate & Financial Data: Trade licenses, VAT registration numbers, corporate banking details, and signatory authorizations required for B2B contracting and civil engineering project execution.
• Automated Digital Telemetry: When interacting with our digital infrastructure, our servers automatically log internet protocol (IP) addresses, browser telemetry, operating system environments, time-stamped access logs, and referring digital properties. This data is critical for cybersecurity monitoring and preventing unauthorized intrusion.

We do not engage in the indiscriminate processing of data. Every data point we collect is tied to a specific, lawful basis of processing. These bases include contractual necessity, legal obligation, and legitimate corporate interests.

Specifically, your data is utilized within our secure matrix for the following explicit purposes:

• Execution of Service Contracts: To deploy specialized manpower, initiate HVAC ducting fabrication, and commence civil contracting operations across Dubai and the wider UAE.
• Regulatory Compliance: To satisfy mandatory reporting and compliance checks mandated by UAE federal authorities, including Dubai Municipality and MOHRE.
• Operational Communications: To transmit critical project updates, logistical changes, invoicing details, and health & safety protocols to your designated corporate liaisons.
• Service Enhancement: To analyze digital traffic patterns, thereby optimizing our website's performance, user interface, and digital resource allocation.

We strictly prohibit the monetization, unauthorized renting, or selling of your personal or corporate data to third-party data brokers.

As a data subject interacting with Blue Royal Group, the UAE PDPL and GDPR grant you absolute, irrevocable rights over your digital footprint. You are empowered to exercise the following rights at any time by contacting our Data Protection Officer (DPO):

• The Right to Access & Portability: You may request a comprehensive, machine-readable export of all personal data we currently hold within our servers.
• The Right to Erasure (Right to be Forgotten): You may request the permanent deletion of your data, provided that its retention is not legally mandated by UAE federal law for auditing or labor compliance purposes.
• The Right to Rectification: You may request immediate correction of any inaccurate, outdated, or incomplete data within our systems.
• The Right to Restrict Processing: You may demand a temporary halt on the processing of your data while an investigation into its accuracy or lawful use is conducted.