GDPR Policy

Last Updated: August 14, 2025

1. Introduction and Commitment

The Emirates Insider (“we,” “us,” “our”), accessible at thesoftformac.com, is strongly committed to protecting the privacy and personal data of our users. This GDPR Policy is specifically intended for individuals residing in the European Economic Area (EEA) and outlines our practices in compliance with the General Data Protection Regulation (EU) 2016/679.

This document serves as a supplement to our main Privacy Policy, providing detailed information about how we collect, process, and protect your Personal Data, and explaining the specific rights you have as a Data Subject under GDPR.

For the purposes of GDPR, The Emirates Insider is the Data Controller for the personal information we process.

2. Key GDPR Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (the ‘Data Subject’). This can include a name, an email address, an IP address, or cookie identifiers.
  • Data Subject: The natural person whose Personal Data is being collected, held, or processed.
  • Processing: Any operation performed on Personal Data, such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or erasure.
  • Data Controller: The entity that determines the purposes and means of the processing of Personal Data. In this case, The Emirates Insider.

3. Principles of Data Processing

We adhere to the core principles of data processing as outlined in Article 5 of the GDPR. Your Personal Data will be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed.
  • Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

4. Legal Basis for Processing Your Personal Data

We only process your Personal Data when we have a lawful basis to do so. Our legal bases for processing include:

  • Consent: We will process your Personal Data for specific purposes if you have given us your explicit consent to do so. For example, when you subscribe to our newsletter, you consent to us using your email address to send you content. You can withdraw your consent at any time.
  • Legitimate Interests: We may process your information where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we process Usage Data to analyze website traffic, improve our content, prevent fraud, and ensure the security of our Website, which are legitimate business interests.
  • Legal Obligation: We may process your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

5. Your Rights as a Data Subject under GDPR

Under GDPR, you have extensive rights regarding your Personal Data. We are committed to facilitating the exercise of these rights.

  1. The Right to Be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.
  2. The Right of Access: You have the right to obtain access to your Personal Data that we hold and process. This allows you to be aware of and verify the lawfulness of the processing.
  3. The Right to Rectification: You are entitled to have your Personal Data rectified if it is inaccurate or incomplete.
  4. The Right to Erasure (The ‘Right to be Forgotten’): This right enables you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
  5. The Right to Restrict Processing: You have the right to ‘block’ or suppress further use of your Personal Data. When processing is restricted, we can still store your information, but may not use it further.
  6. The Right to Data Portability: You have the right to obtain and reuse your Personal Data for your own purposes across different services. It allows you to move, copy, or transfer Personal Data easily from one IT environment to another in a safe and secure way, without affecting its usability.
  7. The Right to Object: You have the right to object to certain types of processing, including processing for direct marketing and processing based on our legitimate interests.
  8. Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. Our Website does not engage in such automated decision-making.

6. How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by emailing our data protection team at:

Email: gdpr@thesoftformac.com

We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

7. International Data Transfers

The Emirates Insider is based outside the EEA, and some of our external third-party service providers (such as hosting and analytics providers) are also based outside the EEA. Therefore, the processing of your Personal Data may involve a transfer of data outside the EEA.

Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe (known as Standard Contractual Clauses).

8. Data Retention

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, if you subscribe to our newsletter, we will retain your email address until you choose to unsubscribe.

9. Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee its absolute security.

10. Lodging a Complaint

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance at gdpr@thesoftformac.com.

11. Contact Us

For any questions or concerns regarding this GDPR Policy or our data protection practices, please contact us at:

Email: gdpr@thesoftformac.com