Privacy Policy

The legal policy governing how FENU collects, processes, uses, shares, retains, and protects personal data and data associated with use of the Platform.

This Policy explains how FENU collects, processes, uses, shares, retains, and protects personal data and data associated with use of the Platform, whether relating to a Customer, a Service Provider, or an unregistered visitor, within the context of operating the Platform and managing accounts, services, requests, complaints, settlements, and all related functions.

The Company is referred to in this Policy as “FENU”, the “Platform”, or the “Company”, and the term “Data Subject” means any natural person whose personal data is processed, whether such person is a Customer, a Service Provider, or an unregistered visitor.

This Policy applies to the data we collect, receive, or process when visiting the website or app, creating an account, using the Platform, requesting a service, performing or managing a service, registering as a Service Provider, contacting support, or using technical tools associated with the Platform.

This Policy shall be read together with the Customer Terms and Conditions, the Service Provider Agreement, the Cancellation and Refund Policy, and any additional privacy notices or policies relating to a specific service, category, or channel.

Scope of Application

1. This Policy applies to data that we collect, receive, or process when:
   a. visiting the website or app;

   b. creating an account or using the Platform;

   c. requesting, performing, or managing a service;

   d. registering as a Service Provider or applying to join;

   e. contacting support or submitting a complaint or claim; and

   f. using technical tools associated with the Platform, including electronic records, verification mechanisms, and communications tools.
2. This Policy applies to:
   a. the Customer;

   b. the Service Provider;

   c. the unregistered visitor; and

   d. any other person whose data we lawfully receive in the context of operating the Platform.
3. This Policy shall be read together with:
   a. the Customer Terms and Conditions;

   b. the Service Provider Agreement;

   c. the Cancellation and Refund Policy; and

   d. any additional privacy notices or policies associated with a specific service, category, or channel.

Identity of the Data Controller and Contact Details

1. FENU acts as the data controller in relation to the personal data for which it determines the purposes and means of processing on the Platform.
2. In certain cases, FENU may engage technology, payment, messaging, hosting, or analytics providers acting as processors or as independent controllers, depending on the nature of the relevant service and the applicable legal relationship.
3. To exercise rights related to personal data or to submit a privacy inquiry or complaint, please contact: Admin@fenu.ae
4. If FENU appoints a Data Protection Officer or a designated privacy contact in the future, this Policy will be updated and the new contact details will be published.

Types of Data We May Collect

Purposes for Which We Process Data

1. Creating, managing, and documenting accounts.
2. Receiving and managing requests and bookings and matching customers with service providers.
3. Preparing quotations, scheduling appointments, and updating request status.
4. Verifying completion of the service, including by using OTP, administrative closure, or before/after proof, depending on the category or case.
5. Processing payments, settling entitlements, and managing refunds, deductions, and disputes.
6. Customer service, support, complaint review, and internal investigations.
7. Legal and regulatory compliance, fraud prevention, misuse prevention, and protection of the Platform and its users.
8. Improving services, digital experience, performance, internal analytics, and reporting.
9. Sending operational communications related to accounts, requests, security, or updates.
10. Sending marketing communications where legally permissible and supported by the appropriate legal basis.
11. Maintaining electronic records, proving rights, and defending or pursuing claims.
12. Managing onboarding, evaluation, compliance, and performance processes relating to service providers.

Legal Basis for Processing

Depending on the case, we rely on one or more of the following legal bases for processing:

1. Performance of a contract or taking steps prior to entering into a contract
   Where processing is necessary to create an account, process a request, connect the customer with a service provider, schedule a service, process payment, carry out settlement, verify completion, or provide support.
2. Compliance with a legal or regulatory obligation
   Where processing is necessary to comply with legal, judicial, regulatory, accounting, tax, or security requirements.
3. Consent
   Where law or the nature of processing requires consent, such as for certain marketing communications, certain non-essential tracking activities, or certain optional uses of data. FENU maintains an electronic record evidencing the time, method, and scope of consent where applicable.
4. Public interest or protection of vital interests
   Where processing is necessary to protect an important public interest or to protect the life, safety, or fundamental rights of the Data Subject or others in circumstances permitted by law.
5. Legitimate interests
   Where processing is necessary for legitimate purposes relating to Platform security, fraud prevention, systems protection, complaint review, non-marketing internal analytics, improvement of service reliability, and the establishment, exercise, or defence of legal rights and claims, provided that FENU’s or any third party’s interests do not override the Data Subject’s fundamental rights and freedoms, and provided that this basis is not used where law requires a more specific basis.

Rights of Data Subjects

Subject to applicable law and adopted policies, a Data Subject may have the following rights:

1. To access personal data and request information about what data we process.
2. To request correction or completion where data is inaccurate or incomplete.
3. To request erasure in cases permitted by law.
4. To request restriction or suspension of processing in cases provided by law.
5. To object to processing for direct marketing purposes.
6. To withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.
7. To obtain a copy of the data in a structured, machine-readable format and request transfer to another controller where technically feasible and where the legal conditions are satisfied.
8. To request an appropriate human review where FENU uses a decision based entirely on automated processing that produces legal effects or similarly significant effects on the Data Subject, to the extent permitted by law and the nature of the service.

To submit a request concerning these rights, the Data Subject may contact us at: Admin@fenu.ae

Sources of Data

1. The Data Subject directly;
2. Use of the Platform, app, or website;
3. A Service Provider or another customer in the context of a request or service execution;
4. Payment, messaging, verification, mapping, or technical systems providers;
5. Operational and electronic records generated through use of the Platform; and
6. Competent authorities or lawfully available sources where necessary and legally permitted.

Sharing and Disclosure of Data

We may share or disclose data, to the extent necessary and lawful, with:

1. Service Providers, in order to perform the Customer’s request;
2. Customers, to the extent necessary to enable service performance by the Service Provider;
3. Payment and financial service providers for processing payments, refunds, and settlements;
4. Technology, hosting, messaging, analytics, and support providers for operating, maintaining, and improving the Platform;
5. Governmental, judicial, regulatory, or security authorities where disclosure is legally required or made pursuant to an order issued by a competent authority;
6. Legal or professional advisers or auditors where necessary to protect rights or ensure compliance; and
7. Successors, affiliates, or parties involved in a restructuring or lawful business transfer, provided that data protection continues in accordance with applicable law.

We do not sell personal data as a standalone commodity, and we do not share it outside the legitimate purposes stated in this Policy.

Cross-Border Transfers

1. Operation of the Platform or use of service providers or infrastructure outside the UAE may result in certain data being transferred outside the United Arab Emirates.
2. Where cross-border transfer occurs, it shall be carried out in accordance with applicable law and the appropriate legal safeguards, conditions, or permitted cases, and only to the extent necessary for the legitimate purposes of this Policy.
3. Where transfer is connected to a technical provider, cloud provider, analytics tool, communications provider, or payment provider, it shall be limited to the data necessary for operation, processing, compliance, or protection.
4. In the absence of an adequacy decision or a specific regulatory framework defining the level of protection in the receiving jurisdiction, FENU shall seek to apply appropriate contractual safeguards or rely on one of the cases permitted by applicable law.

Data Retention Period

1. We retain personal data only for as long as necessary to fulfil the purposes of processing, or for the periods required by law, regulatory, accounting, or tax obligations, or as necessary for dispute resolution, protection of rights, or defence of claims.
2. After the appropriate retention period ends, we may:
   a. delete the data;

   b. anonymise the data; or

   c. archive or restrict access to the data where there is a legitimate need to do so.
3. Retention periods may vary depending on the nature of the relationship:
   a. unregistered visitor data may be retained for a comparatively shorter period;

   b. customer, request, and complaint data may be retained for a longer period; and

   c. service provider, compliance, and settlement data may continue to be retained as required by contractual and regulatory obligations.

Data Security

1. FENU implements appropriate technical and organisational measures to protect data against:
   a. unauthorised access;

   b. unlawful use;

   c. loss or damage; and

   d. unauthorised disclosure, alteration, or copying.
2. These measures may include, as appropriate, access controls, logs, backups, encryption or equivalent safeguards, internal reviews, operational controls, and need-to-know access limitations.
3. However, no system or data transmission can be guaranteed to be completely secure, and we therefore work to reduce risks and respond to them in a reasonable and proportionate manner.

Data Breach Notification

1. If a personal data breach or security incident occurs and is likely to affect the privacy, confidentiality, or security of the Data Subject’s data in a manner that may harm the Data Subject’s interests, FENU shall take the legally required steps, including notification where required or appropriate.
2. Notification may be made by email, message, in-app notice, or any other suitable means.
3. To the extent appropriate, the notification may include a general description of the incident, the nature of the affected data, the key steps taken or proposed, and any recommended actions to mitigate impact.
4. Where the breach arises from a service provider, technology partner, or third party, FENU shall coordinate with such party to contain and address the incident to the extent reasonably possible and in accordance with law.
5. Any notifications legally required to be made shall be addressed to the competent supervisory authority or any officially designated contact point in accordance with the system applicable at the time of the incident.

Cookies and Tracking

1. The Platform may use cookies or similar technologies to improve performance, remember user preferences, analyse usage, support security, and measure the effectiveness of certain features.
2. These may include:
   a. cookies necessary for operating the website or app;

   b. functional cookies to remember preferences;

   c. analytics or statistical cookies; and

   d. cookies related to performance measurement or campaigns where enabled.
3. Where the Platform uses cookies that are not strictly necessary under applicable law or regulation, users may be given the ability to manage, reject, or configure them through system settings, browser settings, or an appropriate notice tool, depending on the Platform architecture.
4. Disabling certain cookies may affect the functionality or ease of use of parts of the Platform.
5. If the Platform does not currently use non-essential analytics or tracking tools, this section may remain as a precautionary framework and may be updated upon activation of such tools.

Marketing Communications

1. We may send marketing communications to Customers or Service Providers where legally permitted and supported by the appropriate legal basis.
2. A Data Subject has the right to object to processing for direct marketing purposes or to unsubscribe from marketing communications through the designated method.
3. Unsubscribing from marketing communications does not affect operational, security, or contractual messages necessary to manage the account, requests, complaints, or compliance matters.
4. Where telemarketing channels or other channels requiring prior consent are used pursuant to applicable laws or decisions, FENU shall obtain prior express consent and retain a record that may be referred to as evidence of such consent where applicable.

Privacy of Before/After Proof and OTP

1. OTP and before/after proof materials may be used as operational and evidentiary tools to manage services, maintain quality, and resolve disputes.
2. Before/after proof must be limited to the part, location, or element directly related to the relevant service.
3. Photographs or recordings taken before or after execution may not be used for purposes unrelated to operations, quality, dispute management, or compliance unless supported by an appropriate legal basis.
4. Where proof materials incidentally contain personal data, such data shall be processed only to the extent necessary, with due regard to privacy and data minimisation.
5. No legal right of the Customer to complain, object, or seek remediation, refund, or compensation is waived by reason of OTP or administrative closure.

Children’s Data

1. The Platform is not principally directed to children who are below the legal age to independently enter into contracts or request services.
2. If it becomes apparent that we have collected personal data in circumstances requiring a different legal treatment due to age or legal capacity, we shall take appropriate steps to restrict, delete, or request suitable confirmations.
3. Where applicable, FENU shall comply with the relevant laws of the United Arab Emirates concerning child safety in the digital space, and may require age verification, parental consent, or restriction of certain services depending on the requirements of law or the nature of the service.

Amendments to the Policy

1. FENU may amend this Policy from time to time.
2. Amendments shall be published on the Platform and shall take effect from the date specified therein.
3. If amendments are material and significantly affect the rights or obligations of Data Subjects, notice shall be given through the appropriate means where required or appropriate.

Complaints and Privacy Requests

1. To submit a data rights request, privacy inquiry, or complaint, please contact: Admin@fenu.ae
2. The request should, to the extent possible, include:
   a. the name and contact details of the requester;

   b. the capacity in which the requester is acting;

   c. a description of the request or the right sought to be exercised; and

   d. any supporting documents required for verification or clarification.
3. FENU may request additional information to verify the identity or authority of the requester before acting on the request or disclosing data.
4. FENU aims to respond to privacy requests within a reasonable period not usually exceeding thirty (30) days from receipt of a request complete with the required information, unless the nature of the request or the law requires a different period.

Governing Law and Language

1. This Policy shall be interpreted in accordance with the laws in force in the United Arab Emirates, to the extent not inconsistent with any mandatory provisions applicable by law.
2. If a translated version of this Policy is made available in another language, the Arabic version shall prevail and govern in the event of any inconsistency, unless FENU expressly states otherwise.