top of page
1. Introduction

Welcome to LOCAL BRIDGE SOLUTIONS - FZCO (“we,” “us,” or “our”)! We value your privacy and are committed to protecting personal data in accordance with applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard the personal data of:

  • Merchants who use our Merchant-of-Record (“MoR”) platform to sell their digital products.
     

  • Buyers who purchase those products through our platform.
     

  • Other individuals who interact with our websites, services, and support channels.
     

We are located in the United Arab Emirates (UAE) in an International Free Zone (IFZA), but provide services worldwide. Therefore, we endeavor to comply with relevant international data protection laws, including the EU/UK GDPR, CCPA (California Consumer Privacy Act), and UAE PDPL (Federal Decree-Law No. 45 of 2021, as applicable).

By using our services, visiting our website, or otherwise providing personal data, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this Policy, you should stop using our services.

2. Definitions

  • Company” or “We/Us/Our”: [Your Company Name], including affiliates/subsidiaries acting as Merchant of Record.
     

  • MoR (Merchant of Record)”: The entity legally selling products/services to end customers and handling payments and taxes on behalf of the original product provider.
     

  • Merchant”: A vendor/developer/creator who lists and sells products (e.g., software, digital content) on our platform under the MoR model.
     

  • Buyer”: An end user (consumer or business) purchasing a product through our platform from us (MoR).
     

  • Personal Data”: Any information relating to an identified or identifiable individual, as defined under GDPR and similar laws.
     

  • Processing”: Any operation performed on personal data (collection, recording, storage, disclosure, etc.).
     

  • Controller”: The entity determining the purposes and means of processing personal data. We generally act as Controller for data covered by this Policy (unless stated otherwise).
     

  • Processor”: An entity processing data on behalf of the Controller (e.g., cloud hosting).
     

  • GDPR”: The EU General Data Protection Regulation 2016/679 and UK GDPR.
     

  • CCPA”: The California Consumer Privacy Act (including amendments such as CPRA).
     

  • UAE PDPL”: The UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.
     

  • Other relevant terms may be defined in the text or in our Terms of Service.

3. Scope of this Privacy Policy

This Policy applies to:

  1. Merchants using our platform: We collect data to set up accounts, process payouts, perform AML/KYC checks, etc.
     

  2. Buyers purchasing products: We handle payment details, tax calculations, and provide order confirmations.
     

  3. Site visitors and support contacts: People who browse our websites or contact support.
     

In some cases, we act as Controller for your personal data (making decisions about how data is used), and in other cases, we might act as a Processor on behalf of a Merchant. Where we process Buyer data on behalf of Merchants’ instructions, a separate Data Processing Agreement (DPA) may apply.

4. The Data We Collect

4.1 Data You Provide Voluntarily

(a) Merchant Registration
 

  • Account details: Name, company name, address, email, phone number, tax IDs, etc.

  • KYC/AML documents: We may require IDs, passports, incorporation docs, beneficial owner information to verify your identity and fulfill AML obligations.

  • Banking or payout details: So we can transfer earnings from product sales.

  • Credentials: Login and password for our platform.
     

(b) Product Purchases (Buyer data)
 

  • Contact details: Name, email, shipping/billing address if needed.

  • Order details: Product name, price, taxes, date/time, currency, any discount/coupon data.

  • Payment information: Card details or e-wallet info (processed securely via PCI DSS-compliant gateways). We do not store full payment card numbers on our servers, only references or tokens from the payment processor.

  • Other: If you create a Buyer account/portal (for access to digital goods), we may store your login info.
     

(c) Communication and Support
 

  • If you contact us (email, phone, live chat), we collect the info you share for support, troubleshooting, or feedback.

  • If you respond to surveys or marketing forms, we collect that voluntary input.
     

4.2 Data Collected Automatically
 

  • Log Data: IP address, browser type, OS, device info, pages visited, timestamps, referrer URLs, etc.

  • Cookies and similar technologies: We use cookies to enable features like login sessions, cart functionality, analytics, etc. See Section 12 or our Cookie Policy for details.

  • Usage analytics: How you navigate and interact with our site or dashboard, click events, session durations.

  • Device information: For app usage, we might collect device model, OS version, unique device IDs, and crash logs.
     

4.3 Special Category Data / Sensitive Data
 
We generally do not collect sensitive data (health, biometric, religious, etc.) except if strictly necessary (e.g., ID documents for AML). We process such data only under lawful grounds (explicit consent or legal obligations).
 
4.4 Children’s Data
 
Our services are not intended for children under 13 (or under the local age of digital consent). We do not knowingly collect children’s data. If you believe a child provided personal data without proper consent, please contact us so we can delete it.

5. How We Use Personal Data

We process personal data only for specific, lawful purposes:
 

5.1 Providing Our Services (Contract Performance)
 

  • Merchant account setup: Creating your account, authenticating, letting you manage digital products, see sales, request payouts.

  • Processing Buyer orders: We handle payment, generate receipts, deliver digital goods or notify the Merchant to do so.

  • Support and communications: Responding to inquiries, technical help, dispute resolution, etc.

  • Personalization: Saving your preferences (e.g., language, currency, account settings).

  • Buyers’ access: If you have a Buyer portal to re-download purchases or manage subscriptions, we maintain your account details and order history.
     

Legal basis under GDPR: Art. 6(1)(b) – necessary for contract performance (with Merchant or Buyer).

5.2 Legal and Regulatory Compliance

  • KYC/AML checks: We verify Merchant identity, check sanction lists, etc., per anti-money laundering laws.

  • Tax obligations: As MoR, we calculate and remit VAT, GST, sales tax, etc. We keep transaction data for the legally required retention period.

  • Consumer protection: Handling returns/refunds according to local consumer laws.

  • Requests from authorities: Complying with subpoenas, court orders, regulatory inspections.

  • Sanctions/export controls: We may block certain regions or individuals under sanctions.
     

Legal basis: Art. 6(1)(c) GDPR (compliance with a legal obligation); AML laws; local tax regulations.

5.3 Legitimate Interests

We rely on legitimate interests (Art. 6(1)(f) GDPR) for:

  • Improving and developing our platform: Analyzing usage metrics, troubleshooting to enhance features.

  • Internal marketing: Emailing our Merchants about updates, new features, promotions relevant to them (always with an opt-out).

  • Fraud prevention and security: Monitoring transactions for suspicious patterns, using fraud-detection systems, restricting malicious behavior.

  • Protecting our rights: Retaining data for potential legal claims, enforcing Terms of Service, collecting debts, or investigating wrongdoing.

  • Combining data from different sources (if you’re both a Buyer and a Merchant, or using multiple services) to provide consistent support, reduce duplication, enhance user experience.
     

You may object to such processing at any time (Section 10).

5.4 Consent-Based Processing

In some cases, we rely on your consent (Art. 6(1)(a) GDPR or equivalent) as the legal basis:

  • Optional marketing to new prospective users or subscriptions beyond an existing relationship.

  • Cookie usage for analytics or personalization if local law requires explicit consent.

  • Processing special categories of data if needed and no other lawful basis applies.
     

If you give consent, you can withdraw it any time (Section 10.7).

6. Disclosure of Data to Third Parties

We do not sell or share personal data to external parties for their own marketing. However, we disclose personal data in these scenarios:

6.1 Within Our Corporate Group
 

  • We may share data among our affiliate entities (e.g., local MoR subsidiaries in the U.S., EU) for operational, administrative, or support needs. All affiliates follow consistent data protection standards.
     

6.2 Service Providers (Processors)

We engage service providers to act as processors on our behalf:
 

  • Payment processors, banks: For Buyer payments, Merchant payouts, etc.

  • Hosting/Cloud providers: Store data on secure servers (e.g., AWS, Azure).

  • Email/messaging services: Send transactional or promotional emails.

  • Analytics and debugging tools: For usage insights and error tracking.

  • KYC/AML check solutions: Identity verification.
     

They only process data under our instructions, sign confidentiality clauses, and must maintain security measures.

6.3 Independent Third Parties (Controllers)

In certain contexts, third parties handle data as separate controllers:
 

  • Merchants: If you’re a Buyer, we share necessary info (e.g., name, email, purchase details) with the Merchant so they can fulfill or support the product. The Merchant’s own privacy policy applies beyond that.

  • Buyers: May see limited Merchant details on invoices, e.g., Merchant name or product info.

  • Professional advisors: Lawyers, auditors, accountants—only as needed, under professional confidentiality.

  • Debt collectors, courts: If required to recover owed amounts or defend legal claims.

  • Government authorities: Complying with lawful requests (tax audits, investigations, law enforcement).

  • Business transfers: If we merge, sell assets, or restructure, personal data may be transferred to the new owner under similar confidentiality obligations.
     

6.4 No Third-Party Marketing

We do not share your personal data with external companies for their independent marketing use. Hence, under CCPA, we do not “sell” or “share” personal info for cross-context behavioral advertising.

7. International Transfers

We are headquartered in the UAE but operate globally. Personal data may be processed outside your home country. Different countries have different data protection standards. We ensure appropriate safeguards:

  • From EEA/UK to non-adequate countries: We use Standard Contractual Clauses (SCCs) or other lawful mechanisms to protect EU/UK data.
     

  • From UAE: We adhere to UAE PDPL, ensuring legal bases for transfers.
     

  • Further: We maintain consistent internal security policies, so data is protected under our same standards no matter where it resides.
     

Where required by law, we sign additional data transfer agreements with recipients. If you want more info or a copy of relevant safeguards, please contact us.

8. Data Retention

We keep personal data only as long as needed to fulfill the purposes stated or comply with laws:
 

  • During active relationship: As long as you have a Merchant account, an ongoing purchase/subscription, or otherwise require the service.
     

  • Statutory retention: We keep transactional records for tax/accounting (e.g., 5–7 years). KYC documents may be kept for AML retention periods.
     

  • Litigation or audit: We may retain data if needed for potential or ongoing disputes or government audits.
     

  • After expiry: Data is securely deleted or anonymized unless legal obligations require further retention.
     

  • Backups: Some data may remain in encrypted backups briefly until rotation.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights under GDPR, CCPA, UAE PDPL, etc. These may include:

  1. Right of Access – Request confirmation if we process your data and receive a copy.
     

  2. Right to Rectification – Correct inaccurate or incomplete data.
     

  3. Right to Erasure (“Right to be Forgotten”) – Ask us to delete your data when no longer needed or if illegally processed, etc. (subject to legal exceptions).
     

  4. Right to Restrict Processing – Temporarily limit processing (e.g., pending accuracy checks).
     

  5. Right to Object – Object to processing based on legitimate interests or public tasks. Absolute right to object to direct marketing.
     

  6. Right to Data Portability – Obtain a machine-readable copy of data you provided or request we transmit it to another service where feasible.
     

  7. Right to Withdraw Consent – If processing is based on consent, you can withdraw it at any time (previous processing remains lawful).
     

  8. Non-Discrimination – Under CCPA, we won’t discriminate if you exercise your privacy rights.
     

  9. Additional region-specific: For instance, CA residents have certain “Know”/“Delete”/“Correct” rights (CCPA). EU users can complain to a Data Protection Authority. UAE users can contact the UAE Data Office if unresolved.
     

How to exercise your rights:

  • Merchants can often view and correct data in their account settings.
     

  • Buyers or others: email us at [privacy@your-company.com] or use our privacy web form.
     

  • We may need to verify your identity to prevent unauthorized access to data.
     

  • We typically respond within 30 days (GDPR) or 45 days (CCPA). If we must decline your request due to legal obligations, we’ll explain the reason.

10. Security Measures

We take appropriate technical and organizational measures to safeguard personal data:
 

  • Technical measures: Encryption (HTTPS/TLS), hashed passwords, PCI DSS compliance for payments, firewalls, intrusion detection, access control.

  • Organizational measures: Internal policies, staff training, role-based access, confidentiality agreements with employees and contractors.

  • Incident response: We have procedures to detect and respond to data breaches. If a breach occurs that poses risks to your rights, we will notify affected individuals and regulators as required by law (e.g., within 72 hours for GDPR).

  • Your responsibility: Use strong passwords, enable 2FA if available, secure your login credentials, and be cautious of phishing.
     

Absolute security cannot be guaranteed, but we strive to maintain a high level of protection and promptly address vulnerabilities or threats.

11. Cookies and Tracking Technologies

Our websites and apps use cookies and similar tools (like pixels, local storage) to:
 

  • Enable essential site functionalities (session management, etc.).
     

  • Analyze usage (e.g., Google Analytics).
     

  • Provide certain optional features or remember your preferences.
     

See our Cookie Policy for full details. You can manage cookies via our cookie consent banner or your browser settings. Declining cookies may affect site performance. We do not currently respond to “Do Not Track” signals in browsers; we provide direct opt-outs instead.

12. Additional Notices for Specific Regions

12.1 California (CCPA/CPRA)

For California residents (“Consumers”):

  • Categories of personal information collected over the last 12 months: Identifiers (name, email, IP), commercial info (purchases), internet/e-device data, geolocation (approx by IP), etc. from sources: you, your device, or verifying agencies for KYC.

  • Purposes: As explained in this Privacy Policy (fulfilling orders, security, etc.).

  • Disclosure: We do not “sell” or “share” personal data under CCPA definitions. We only disclose data to our service providers for business purposes.

  • Rights: Access (know), delete, correct (fix inaccuracy), opt-out of sale/sharing (though we do not sell), no discrimination. See section 9 for exercising these rights.

  • Shine the Light: We do not disclose personal data to third parties for their direct marketing, so no specific list applies.
     

12.2 EU/EEA and UK

We comply with GDPR. Our representative in the EU (if required by Art. 27 GDPR) is [Name, address in EU], email [rep@company.com]. You can contact them or our DPO about any GDPR queries. EU/UK users can lodge complaints with their local Data Protection Authority or the authority in [the Member State of your main EU establishment].

12.3 UAE PDPL

We operate under UAE law, including the UAE Personal Data Protection Law (PDPL). For cross-border transfers from UAE, we implement appropriate measures. You can contact the UAE Data Office if unresolved. Where required, we appoint a Data Protection Officer. See contacts below.

12.4 Other Jurisdictions

We strive to align with major data protection laws (e.g., PIPEDA in Canada, LGPD in Brazil, etc.). If you have concerns about local requirements, contact us (Section 14).

13. Changes to this Policy

We may update this Privacy Policy occasionally to reflect service enhancements or new legal obligations.

  • Last Updated date: stated at the top.
     

  • Notice of material changes: If significant changes alter how we handle data, we’ll notify you (e.g., via email or dashboard alert) and possibly request consent if required.
     

  • By continuing to use our services after an updated Policy takes effect, you accept the changes (unless additional consent is mandated).

14. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data handling practices, please reach out:
 

  • LOCAL BRIDGE SOLUTIONS - FZCO
     

  • Address: IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates
     

  • Email: business@localbridge.com
     

We will respond as promptly as possible to address any inquiry or exercise of rights. Thank you for trusting us with your personal data.

 

 

© 2025, LOCAL BRIDGE SOLUTIONS - FZCO. All rights reserved.

bottom of page