Privacy Policy

We are committed to complying with applicable Data Protection Laws

DIFC Data Protection Policy

Last updated: 1 March 2021

Nexdigm Consulting Limited (DIFC) (collectively “Nexdigm”, “we” or “us”) values your security and privacy. NEXDIGM, as a DIFC registered entity, must comply with Data Protection Law, DIFC Law No. 5 of 2020 (the “DP Law”), and may for certain types of personal data processing, be subject to laws from other jurisdictions.

As such, it is the policy of NEXDIGM to respect the privacy of its website services and app users. In accordance with DIFC DP Law and as applicable our [Terms of Use], NEXDIGM collects information about you when you use or access our websites and other web-based products, information or services (collectively, the “Website Services”) as well as through other interactions and communications you have with us, such as through the NEXDIGM App (the “App”). This data protection policy (the “Policy") sets out the basis on which any information, including any personal data, we collect from you, or you provide to us, will be processed by NEXDIGM. Each time you access or use the Website Services or provide us with information, by doing so you are accepting and, where possible, consenting to the practices described in this Policy.

Scope and Application

This Policy applies to persons anywhere in the world who access or use NEXDIGM’s Website Services or the App (“Users”).

Collection of Information

Information you give us

This is information you give us about you by providing information or filling in forms on the App or any NEXDIGM-owned Website Services, or by corresponding with us (for example, by telephone, e-mail or any other digital or electronic form). It includes for example information you provide when you register using the NEXDIGM-provided online client portal, or download and register to use the App, search for the App in app stores (including but not limited to Apple App Store and Google Play Store), share data via the App's social media functions, and when you report a problem with the App, or any of our Website Services. If you contact us, NEXDIGM will keep at least an electronic record of such correspondence, including personal information shared at that time. The personal information you give us may include your name, address, e-mail address and phone number, certain device information, username, password, residential building, work address, photograph and other registration information you choose to provide (“Personal Information” or “Personal Data”).

The Website Services or App collect and process Personal Data for specific, lawful purposes only, or for the performance of tasks carried out in the interests of NEXDIGM.

The Website Services or App are not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by NEXDIGM processes, User-provided contributions of content or contact information regarding or about children are expressly prohibited.

Information we collect about you and your device

Each time you use our Website Services or App we will automatically collect the following information:

  • technical information, including the type of mobile device you use, a unique device identifier (for example, mobile network information, your mobile operating system, the type of mobile browser you use, device token, device type, time zone setting (“Device Information”);
  • details of your use of our Website Services or App including, but not limited to traffic data, weblogs and other communication data, and the resources that you access (“Log Information”).
  • location information, if the Website Services or App uses GPS technology to determine your current location. If you wish to use the particular feature, you may be asked to consent to your data being used for this purpose. You can alter your consent and sharing selections at any time via your mobile device settings.

Other Information We May Collect Through Your Use of the Website Services or the App

When you use any Website Services or the App, we may collect Personal Information as well as demographic information, for example information that you submit, or that we collect, which may include, but is not limited to, post code, hometown, gender, username, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, device location, IP address, SMS data, transaction information, age/birth date, browsing history information, searching history information, and registration history information (“Demographic Information”).

Use of Personal Data

We may use Personal Data which you provide to us or we collect from you to:

  • Provide, maintain, and improve our App and Website Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information about them), develop new features, provide customer support to Users, authenticate users, and send administrative messages, whether information or required by applicable law;
  • Perform internal administration and operations, including, for example, to prevent fraud and abuse of our Website Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
  • Send you communications we think will be of interest to you, including information about products, services, promotions, news, and NEXDIGM events, where permissible under DIFC Laws and according to any other applicable laws;
  • Notify you about changes to our App and Website Services;
  • Allow you to participate in any interactive features of our App or Website Services;
  • Keep our App and Website Services safe and secure; and
  • Personalize and improve the Website Services, including to provide or recommend features, content, social connections, referrals, and advertisements.

Processing, Storage and Transfer of Personal Data

We will take all steps reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy. By submitting your Personal Data (including Log, Device and / or Demographic Information), you agree to such transfer, storing or processing in order for NEXDIGM to perform its general administrative and regulatory functions, including but not limited to responding to enquiries you raise via the App or Website Services or maintaining contacts for future informational or promotional activities. Unless otherwise notified, NEXDIGM does not ordinarily engage in automated decision making when processing your Personal Data.

You agree that we have the right to transfer the Personal Data described in this Policy to and from, and process and store it in, the United Arab Emirates and (where applicable or required) with processors in other countries, some of which may have less protective privacy laws than those where you reside. Where this is the case, we will take appropriate security measures to protect your Personal Data in accordance with this Policy. All information security policies are strictly enforced. Please see section 7 below for further details.

To preserve the integrity of our databases, to carry out on-going Website Services on behalf of all Users, for research, analytics and statistics purposes and to ensure compliance with applicable laws and regulations, we retain Personal Data submitted by Users for a reasonable length of time unless otherwise prescribed by applicable law. NEXDIGM is not responsible for the accuracy of the information you provide, and will modify or update your Personal Data in our databases upon your request, as further outlined below. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with NEXDIGM or other applicable laws or to perform agreed services. By accessing or using the App or Website Services, you do hereby represent and warrant that you understand that all information submitted by you through the App or Website Services or otherwise to NEXDIGM may be used by NEXDIGM in accordance with applicable laws and its policies.

Sharing of Personal Data

We may share Personal Data which we collect about you as described in this Policy or as described at the time of collection or sharing, including as follows:

Scope and Application

This Policy applies to persons anywhere in the world who access or use NEXDIGM’s Website Services or the App (“Users”).

Through Our Website Services or the App

We may share your Personal Data:

  • With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
  • With third parties with whom you choose to let us share your Personal Data, for example other apps or websites that integrate with our API or Website Services, or those with an API or Service with which we integrate; and

Other Types of Data Sharing

We may share your Personal Data:

  • With NEXDIGM subsidiaries and affiliated entities;
  • With vendors, consultants, marketing and advertising partners, and other service providers who need access to such Personal Data to carry out work on our behalf or to perform a contract we enter into with them;
  • In response to a request for information by a competent authority or government entities if we determine that such disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
  • With law enforcement officials, government entities or authorities, or other third parties as required by applicable law;
  • With third parties in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
  • If we otherwise notify you and you consent to the sharing;
  • With third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you

All sharing of Personal Data aligns to the extent possible with the NEXDIGM Government Data Sharing Policy, which is an internal NEXDIGM policy that governs fair and lawful sharing of Personal Data requested by government entities within the UAE and elsewhere.

Your Rights and Choices

Marketing and Opting Out

NEXDIGM supports Users’ legal rights to opt-out of receiving communications from us and our partners. You have the option to ask us not to process your Personal Data for marketing purposes and to remove it from our database, to not receive future communications or to no longer receive our App or Website Services.

You may change your preferences at any time.

Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of receiving promotional e-mails from one of our Website Services or the App, you may continue to receive promotional emails from our other websites, providers or other, non-affiliated marketers whose services you may have accessed via NEXDIGM Website Services or App.

Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different third party's marketing directory through your request or election, you will need to request removal with such third party directly.

Access to and Correction of Your Personal Information

You have the right to access information held about you. Your right of access can be exercised in accordance with DIFC and other applicable laws. Any access request generally comes at no cost to you, but may, where permissible, be subject to a fee to meet any extraordinary administrative costs in providing you with details of the information we hold about you.

When you contact us about a potential Personal Data error, we will endeavor to confirm or verify the information in question, then correct verified inaccuracies and respond to the original inquiry. We will endeavor to send a correction notice to businesses or others whom we know to have received the inaccurate data, where required and / or appropriate. However, some third parties and third party sites may continue to process inaccurate data about you until their databases and display of data are refreshed in accordance with their update schedules, or until you contact them personally to ensure the correction is made in their own files.

You may also request that we restrict, erase or otherwise process your Personal Data in line with the relevant articles providing for such rights set out in the DP Law.

Changes to this Policy

We may change this Policy from time to time and without notice. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will endeavor to provide you notice through the App or Website Services or by some other means, such as email. Your continued use of the App or Website Services after such notice constitutes your acceptance of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices. We provide links to it through:

  • The App or Website Services
  • Referencing it in our Terms of Use
  • Incorporating it into our contracts, agreements, and other documents as necessary or appropriate

Security Precautions

NEXDIGM makes every effort to ensure that your Personal Data is secure on its system. NEXDIGM has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that NEXDIGM employees are aware of our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, NEXDIGM cannot warrant or guarantee the security of any Personal Data you transmit to us, and you do so at your own risk.

NEXDIGM has established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management and security practices. We do this in the following ways:

  • Establishing policies and procedures for securely managing information;
  • Limiting employee access to viewing only necessary information in order to perform his or her duties;
  • Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required;
  • Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
  • Monitoring our websites through recognized online privacy and security organizations;
  • Conducting background checks on employees and providing training to our employees.

If you have any further questions about our security and processing activities, please contact the Data Protection team / Officer or refer to our [Terms of Use]. To the extent permitted by applicable law, NEXDIGM expressly disclaims any liability that may arise should any other third parties obtain the Personal Data you submit.


A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience ("Cookie"). NEXDIGM uses Cookies to track overall site usage and enables us to provide a better user experience. We do not use Cookies to “see” other data on your computer or determine your email address.

Types of cookies we drop and the information collected using them include:


  • Google Tag Manager - helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

Site Analytics

  • Google Analytics - gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.
  • Pingdom - monitors sites and servers on the internet, alerting the website owners if any problems are detected.
  • Hotjar - by combining both analysis and feedback tools, Hotjar helps website owners understand what users want, care about and interact with on their website by visually representing their clicks, taps and scrolling behavior.


  • Twitter Advertising - enables website owners to track and measure the actions users take after viewing or engaging with ads on Twitter.
  • Facebook Advertising - lets website owners measure, optimize and build audiences for advertising campaigns.
  • LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.

Most browsers accept and maintain Cookies by default. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our Website Services, but this may limit your ability to access certain areas of the Website.

External Links

The Website and the App may contain links to other websites on the Internet that are owned and operated by third parties (the "External Sites"). These links are provided solely as a convenience to you and not as an endorsement by NEXDIGM of the contents of or reliability on such External Sites. You acknowledge that NEXDIGM is not responsible for the availability of, or the information and content of any External Site. You should contact the site administrator or webmaster for those External Sites if you have any concerns regarding such links or the content located on such external Sites. If you decide to access linked third party websites, you do so at your own risk. NEXDIGM does not accept liability, and shall not be liable to you for any loss or damage arising from or as a result of your acting upon the content of another website to which you may link from the Website Services or the App.

NEXDIGM Buildings Security

Building security records containing sign in and sign out information collected at the time of visiting and departing a NEXDIGM-owned building will be maintained in accordance with this Policy.

Contact Us

If you have any questions, comments and requests related to this Policy, or if you have any complaints related to how NEXDIGM processes your personal data, please contact DPO at

Alternatively you can contact us through our website.

Company Name: Nexdigm Consulting Ltd

Company Address: DIFC, Emirates Financial Towers, 503-C South Tower, DIFC, PO Box 507260, Dubai, UAE

ADGM Data Protection Policy


We have formulated this Privacy Policy to help you understand how we deal with the personal data collected from our employees, contractors, associates, vendors and clients.


This policy applies to employees, partners, contractors, associates, consultants, vendors, retainers, clients of Nexdigm Pvt. Ltd. and visitors to our website.

Policy Statement

We are committed to the protection and responsible use of your personal data and promotion of individual privacy rights. Through the use of appropriate administrative, physical, and technical safeguards, we strive to protect personally identifiable information that we maintain or disseminate to ensure that it is not obtained by unauthorized individuals or used in unauthorized ways.


We may collect, store, process, use, transfer and disclose such information about individuals (“Data Subjects”) which may constitute Personal Information including Sensitive Personal Data or Information under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 or Personal Data under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016) (“GDPR”) or any other applicable law. This policy explains the practices we follow with respect to collection, use, disclosure, transfer, security and protection of Personal Information, rights of Data Subjects, breach management and other related aspects.

Meaning And Collection Of Personal Data

"Personal Data" means any data relating to a Data Subject which is capable of identifying such Data Subject directly or indirectly such as name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. Personal Data will include Sensitive Personal Information and Special Categories of Personal Information unless otherwise stated. We will strive to ensure that Personal Data collected by us is adequate, relevant and limited to what is necessary in relation to the intended purpose.

We or any person or entity duly authorized on our behalf may collect a variety of Personal Data as required by us to fulfill our responsibilities and obligations as an employer, associate, client or service provider. Such Personal Data may be collected or received by us when you interact with us on our website, e-mail, mobile apps or other web-based applications or by way of personal, telephonic or audio-visual meetings or when you provide to us any documents containing your Personal Information. The Personal Data collected by us could include one or more of the following:

  • Name, birthdate, phone numbers, mailing address, email addresses, contact details, education documents, reference letters, relieving certificates, photographs, passwords to our portal, passport information;
  • Financial information such as bank account details, financial statements, permanent account number, annual income, details regarding payment instruments, tax deducted at source, service tax registration;
  • Physical, physiological and mental health condition, medical records and history;
  • Information gathered through use of bio-metrics such as fingerprints, eye retina, iris, voice patterns, facial recognition;
  • Professional certifications and registrations;
  • Disciplinary and grievance procedures, the results of credit and criminal background checks,
  • Voicemails, e-mails, correspondence and other work product and communications created, stored or transmitted by an employee using our computer or communications equipment;
  • Driving license number, vehicle registration number;
  • Information captured on security systems, including CCTV and key card entry systems;
  • Information provided by way of participation in surveys, enquiries, subscriptions and job applications

Consent For Personal Data

Where processing of Personal Data requires consent, we will obtain your written consent to collect, use and process your Personal Data. With respect to Personal Data disclosed to us by a data controller, we will contractually obligate the data controller to ensure compliance with all legal requirements relating to obtaining of consent. We will maintain and protect the appropriate security, integrity and confidentiality of such Personal Information. In case you refuse to provide the required Personal Data or withdraw your consent at any point of time, we shall have the discretion to discontinue, refuse or withdraw our services for which the information was sought. In case of our employees, associates, partners, consultants, contractors and retainers, we may terminate the employment or service contract or modify the terms of employment or service contract.

Use Of Personal Data

The Personal Data collected or received by us may be used or processed by us or any person or entity duly authorized by us for purposes including:

  • Administrative, operational and business purposes;
  • To execute our contractual obligations;
  • To process and respond to requests and queries;
  • Conducting market or customer satisfaction research;
  • Payment of salaries, fees or reimbursements into bank accounts;
  • Verification of certain information;
  • Providing individuals with information concerning products and services which we believe will be of interest;
  • Detection, investigation and prevention of fraud and other crimes or malpractice;
  • Providing Personal Data to any person or entity engaged by us to render services relating to payment, human resources, accounting etc. to support our business activities on a ‘need to know’ basis;
  • Dealing with requests, enquiries or complaints and other client related activities;
  • Carrying out activities connected with the running of our business such as personnel training, quality control and in connection with the transfer of any part of our business
  • Addressing network integrity and security issues;
  • Protecting our networks and security systems, including monitoring and detection of potential threats, such as hacking, virus dissemination and other security vulnerabilities;
  • Making available Personal Data to governmental or regulatory authorities or to a court or judicial officer as may be required under applicable law;
  • Carrying out any activity in connection with a legal, governmental or regulatory requirement, for the purpose of compliance of a legal obligation in connection with legal proceedings under applicable law including cyber incidents, prosecution, and punishment for offenses, protecting and defending our rights or property or to protect another person’s safety, or to help investigations, monitor or prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person;
  • Recording and monitoring electronic communications, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies and for the purposes outlined above;
  • Evaluate applications for employment;
  • Manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes;
  • Develop manpower and succession plans;
  • Protect the safety and security of staff and property including taking measures to facilitate assistance and support in case of emergency such as inserting contact numbers, blood group details on identity cards
  • Administer formalities with respect to termination of employment;
  • Provide and maintain references;
  • Maintain emergency contact and beneficiary details.

Processing for the purposes of this policy refers to online and offline processing and includes activities such as copying, filing, and feeding information into a database. We maintain Personal Data in an organised and easily accessible manner. We will use the Personal Data only for the purpose for which it has been collected.

Disclosure Of Personal Data

We may at times disclose and/or transfer Personal Data to third parties in cases where it is necessary for discharging our contractual obligations and/or providing services to you and/or if you have consented for the same. We may, on a need basis, disclose and/or transfer Personal Data to:

  • associates, affiliates, partners, other persons or bodies corporate to enable them to provide services to you on our behalf or provide services to us or assist us in client engagements which involves receipt and collection of, receiving, processing, storing, dealing or handling personal information.
  • any relevant entity in the event of a reorganization, merger or sale;
  • any third party pursuant to a requirement of a governmental or regulatory body or an order of a court of competent jurisdiction or as may be required under applicable law.

If we outsource the processing of your Personal Data to third parties or provide your Personal Data to third party service providers, we will oblige those third parties to protect your Personal Data with appropriate security measures and prohibit them from using your Personal Data for their own purposes or from disclosing your Personal Data to others. We will adhere to consent and intimation requirements where your Personal Data is being shared with third parties.

Security Practices And Controls

We will take all reasonable steps to ensure that Personal Data is stored in a secure environment and protected from unauthorized access, modification or disclosure. We strive to keep the Personal Data secure through implementation of the security practices and controls.

Personal Data is stored using systems which have restricted access and which are housed in facilities with physical security measures. We have a comprehensive information security programmed documented in the form of our Information Security Policy (ISMS/Nexdigm SKP/CSP_0501) which contains managerial, technical, operational and physical security control measures. Our offices are ISO 27001, ISO 29100 and BS10012 certified to manage the security of Personal Data.

We have a designated Chief Information Security Officer responsible for operation and maintenance of our security programmed and controls to enforce the security policy and for providing advice and guidance on its implementation and maintenance.

Updation Of Personal Data

We strive to keep our records updated with latest and updated Personal Information. To enable this, you can ask us to update or change any Personal Data collected by us to enable us to meet the objectives stated above.

Retention Of Personal Data

We will retain Personal Data only for such period as may be required to observe, perform and comply with our obligations or as otherwise required under applicable law or practice.

Rights Of Data Subjects

Under GDPR (if applicable to you), you as a Data Subject have a number of rights with regard to your Personal Data that we want to summarily make you aware of:

  • Right to Access: As a Data Subject, you have the right to access your Personal Data being processed by us and understand the purpose, recipients to whom your Personal Data has been disclosed and the envisaged period of retention of Personal Information.
  • Right to Rectification: You have the right to rectify any inaccuracy in your Personal Data obtained and being processed by us.
  • Right to Erasure: You have the right to get your Personal Data erased on grounds of completion of purpose, withdrawal of consent, unlawful processing of data or pursuant to exercise of right to restrict processing or any statutory requirement.
  • Right to Restriction of Processing: You have the right to require us to restrict processing of your Personal Data on grounds where you contest the accuracy of the Personal Data being processed and in case of unlawful processing among others.
  • Right to Data Portability: You have the right to receive your Personal Data collected and being processed by us in a structured, commonly used and machine-readable format and have the right to transmit such Personal Data to another controller without any hindrance from us when processing of Personal Data is based on consent and where processing is carried out by automated means.
  • Right to object to processing: You have the right to object to the processing of your Personal Data on grounds and if such Personal Data is being processed for direct marketing purposes.
  • Right to lodge complaints: Where you believe that we have violated or presented a potential risk to your right to privacy, you have the right to lodge a complaint with the supervisory authority under the applicable regulations.
  • Right to withdraw consent: You may at any time withdraw your consent by writing to us at the below mentioned e-mail address.

You may exercise your rights by writing to us at Exercise of the above rights shall be in accordance with GDPR and other applicable regulations.

Data Protection Officer

Our Chief Information Security Officer (CISO) is also our Data Protection Officer and may be contacted at

Breach Management

We have an established Security and Privacy Incident Policy to outline various threats and vulnerabilities that may lead to breach of security and privacy of Personal Data and processes to guide and implement response to such incidents. In case of any privacy related concerns, feedback or grievance, you may contact us at

Changes To Policy

We may update our Privacy Policy from time to time. The updated policy will be posted on our website.

Join our mailing list To receive our latest insights

Inquire Now


Reach out to us at


Reach out to us at