Privacy Policy

This Privacy Policy describes how DVNC ("we", "us", "our") collects, uses, stores, discloses, and protects personal data of visitors, prospects, and clients of dvnc.ae.

By using our site, contacting us, or engaging us, you acknowledge that you have read this Policy. If you do not agree, please discontinue use.

This Policy is designed against the following frameworks: UAE PDPL (Federal Decree-Law 45/2021), DIFC Regulation 10, GDPR / UK GDPR (for cross-border engagements), CCPA / CPRA (for any California-resident interaction), and the EU AI Act transparency obligations (effective 2 August 2026) where relevant.

The data controller is DVNC, Dubai, United Arab Emirates. Privacy contact: hi@dvnc.ae.

Information you give us — name, email, business, message content, project / engagement details, and any documents shared during scoping or delivery.

Information collected automatically — browser, device, country-level geo, page-view + navigation analytics, server logs. No precise geolocation, no fingerprinting, no cross-site advertising tracking.

WhatsApp + Calendly metadata — when you contact us via these channels, the third party processes your data under its own terms; we receive only what is necessary to respond.

What we do not collect — sensitive personal data (health, racial origin, political views, biometric, genetic, sexual orientation), payment card data, government ID numbers, precise location, or any data that is not strictly necessary to deliver an engagement.

To respond to inquiries, deliver engagements, and operate the site.

To meet legal obligations (tax, accounting, regulatory).

For security, abuse-prevention, and basic anonymized analytics.

We do not use your data for automated decision-making with legal or similarly significant effect under PDPL Article 18 or GDPR Article 22.

We do not sell personal data. We share data only with: (a) infrastructure providers (hosting, analytics, email delivery, calendar) under appropriate data-processing terms; (b) when required by law or to defend rights and safety.

For engagements that touch EU / UK / US data subjects, we operate Standard Contractual Clauses with any sub-processors and observe applicable cross-border transfer rules.

Inquiry / proposal data — up to 12 months after resolution, then deleted.

Engagement data — for the lifetime of the engagement plus the legally required record-keeping period (typically 5 years for UAE accounting).

Analytics — anonymized; logs purged within 30 days.

TLS in transit. Hosted on managed enterprise-grade infrastructure. Least-privilege access. Vendor data-processing agreements. UAE PDPL-aligned breach response: regulator notification + affected-individual notification within the timelines required by the applicable framework.

Under UAE PDPL: access, rectification, erasure, restriction of processing, objection, portability, and the right to withdraw consent.

Under DIFC Regulation 10, GDPR, UK GDPR, and CCPA: the equivalent rights for residents of those jurisdictions.

To exercise any right, email hi@dvnc.ae. We respond within 30 days (or sooner where required).

We update this Policy when laws, practices, or sub-processors change. Material changes will be flagged on this page and (where required) communicated.

DVNC — Dubai, United Arab Emirates. Privacy: hi@dvnc.ae.