GDPR Scope & Applicability
The EU General Data Protection Regulation (GDPR) applies to 118 Technology FZE in circumstances where:
- Our customers are established in the European Union or European Economic Area
- Our products process personal data of EU residents, regardless of where processing takes place
- We offer goods or services to individuals in the EU (even if payment is not required)
While 118 Technology FZE is a UAE-based company, we recognise the extraterritorial effect of GDPR and have implemented appropriate measures to ensure compliance for all EU-scope data processing activities.
Data Controller vs Processor
Under GDPR, 118 Technology FZE acts in different capacities depending on context:
| Context | Our Role | Your Role |
|---|---|---|
| Customer & prospect data (our CRM) | Data Controller | Data Subject |
| Data you enter into 118 PMS / Accounting / CRM | Data Processor | Data Controller |
| Usage and analytics data from our platform | Data Controller | Data Subject |
As a data processor of your customer data, we process that data only on your documented instructions and do not use it for our own purposes.
Lawful Basis for Processing
For all personal data processing under GDPR, we rely on one or more of the following lawful bases:
- Contract (Art. 6(1)(b)) โ Processing necessary to perform our contractual obligations to you
- Legal obligation (Art. 6(1)(c)) โ Processing required to comply with applicable law
- Legitimate interests (Art. 6(1)(f)) โ Processing for our legitimate business interests (fraud prevention, security, product improvement), where not overridden by your rights
- Consent (Art. 6(1)(a)) โ For optional marketing and analytics cookies
EU Data Subject Rights
We respect and uphold all GDPR data subject rights for EU residents:
| Right | How to Exercise | Response Time |
|---|---|---|
| Access (Art. 15) | Email privacy@118dubai.com | 30 days |
| Rectification (Art. 16) | Account settings or email us | 30 days |
| Erasure (Art. 17) | Email privacy@118dubai.com | 30 days |
| Restriction (Art. 18) | Email privacy@118dubai.com | 30 days |
| Portability (Art. 20) | Account data export feature or email us | 30 days |
| Object (Art. 21) | Email privacy@118dubai.com | 30 days |
International Data Transfers
Where personal data of EU residents is transferred outside the EEA (including to the UAE for processing by 118 Technology FZE), we ensure appropriate safeguards are in place under GDPR Chapter V:
- Standard Contractual Clauses (SCCs) โ EU Commission-approved SCCs are incorporated into our Data Processing Agreements
- Supplementary measures โ Technical and organisational measures (encryption, pseudonymisation) applied to transferred data
- Transfer Impact Assessments โ Conducted for all cross-border transfer mechanisms
Data Processing Agreements
If you are a customer established in the EU or processing EU personal data through our services, you are entitled to a Data Processing Agreement (DPA) with 118 Technology FZE that complies with GDPR Article 28.
To request a DPA, please email legal@118dubai.com with subject "GDPR DPA Request". We will provide a DPA within 5 business days. Our standard DPA includes the EU Standard Contractual Clauses (2021) as an annex.
Data Breach Notification
In the event of a personal data breach affecting EU residents, 118 Technology FZE will:
- As a data controller: notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where the breach presents a high risk
- As a data processor: notify the relevant data controller without undue delay upon becoming aware of a breach, enabling them to fulfil their own notification obligations
Data Protection Officer
118 Technology FZE has appointed a Data Protection Officer (DPO) responsible for overseeing our GDPR compliance programme. The DPO can be contacted at: