Privacy Policy

1. Introduction

Our Commitment to Your Privacy.

Sanad (also referred to as “we”, “our” and “us”) is committed to protecting your privacy and your Personal Data and minimizing the potential for its unauthorized use. Sanad acts as a “Data Controller” when Processing your Personal Data which means Sanad will decide on how to collect, Process and use your Personal Data.

Our relationship with you is our most important asset. We understand that you entrust us with your private information, and we do everything that we can to maintain that trust.

We protect the security and confidentiality of the Personal Data we receive and implement appropriate controls to ensure that such information is used for proper business purposes in connection with the management or servicing of our relationship with you.

The following data privacy principles guide our commitment to manage Personal Data carefully and responsibly:

Data Minimization – to only collect and Process Personal Data that is relevant and necessary to provide our services.
Transparency – to clearly explain how we collect, use, and share your Personal Data.
Purpose – to only use Personal Data for specified and legitimate business purposes.
Legal Compliance – to prioritize compliance with applicable data privacy and protection laws.

2. Information Collection

2.1 Personal Data. Sanad may collect Personal Data directly from you, from other Sanad Group companies, through our website or social media platforms, or via third parties. Such Personal Data may include personal identifiers such as your name, date of birth, national identification numbers, contact information, and other data required to be disclosed by law.
2.2 Usage Data. We may also collect technical information, such as IP addresses, device types and identifiers, browser versions, pages visited, time stamps and other diagnostic data, to support diagnostics, analytics and service delivery.
2.3 Cookies. We use “cookies” and similar tracking technologies to enhance user experience and analyze visitor usage patterns. Cookies are files with small amounts of data, which may include an anonymous unique identifier, and are sent to your browser from a website and stored on your device. Tracking technologies such as beacons, tags, and scripts may also be used to collect and track information and to improve and analyze our digital services. You can manage your cookie preferences by instructing your browser to disable all cookies or to indicate when a cookie is being sent. However, some service features may be limited if cookies are disabled.

3. Use of Personal Data

3.1 Sanad may collect, store, use and share your Personal Data for the following (non-exhaustive) purposes:

To provide and maintain the services we offer
To perform our contractual obligations
To comply with legal or regulatory obligations
To manage and maintain databases that store Personal Data
In connection with legal proceedings
To respond to your enquiries
To keep you informed about changes to our services
To analyze usage and performance data to improve our services
To detect, prevent and address technical issues.

3.2 The use of your Personal Data as described is necessary for our legitimate business interests or the legitimate interests of third parties, including (i) allowing Sanad to effectively and efficiently administer and manage the operation of its business, (ii) maintaining compliance with internal policies and procedures, and (iii) internal research purposes.

3.3 When required, Sanad will obtain your specific and informed consent (which may be written) before Processing certain categories of Personal Data. You may withdraw your consent at any time by contacting Sanad using the details listed below in Section 9 below.

3.4 Information on how to unsubscribe or opt out will be provided on every marketing email we send you. However, if at any stage you would like to update and/or correct your personal information, or opt-out of future marketing communications, you may do so by contacting us at the email provided below.

3.5 We do not sell your non-public Personal Data to anyone; nor do we provide such information to others, except for discrete and reasonable business purposes in connection with the servicing and management of our relationship with you, as discussed further below.

4. Disclosure of Data

4.1 Legal Requirements

Sanad may share or provide access to your Personal Data with its affiliates, business units, and third-party agents, service providers and contractors for the following purposes:

For the management and administration of Sanad’s business
To verify the information you have provided
To support Sanad’s HR function and decision-making processes
For the administration and maintenance of databases that store Personal Data
To obtain professional or operational services essential to Sanad’s business activities (including, but not limited to, accounting, administration, auditing, legal, IT and communications support.) These third parties will be subject to confidentiality obligations (whether contractual, professional or statutory) which require them to Process your Personal Data only for the purposes specified by Sanad
Where required by applicable law, regulation or internal policy (for example, Sanad is under a legal obligation to disclose your Personal Data such as compliance with statutory reporting and
disclosures to regulatory authorities or government agencies, or to establish, exercise or defend its legal rights
To competent regulatory or public authorities, where required, in order to demonstrate compliance with applicable laws or to respond to an official request.

Sanad may also share anonymous data with third parties, such as service providers, to facilitate our business operations.

5. Storage of Personal Data

5.1 Sanad does not store Personal Data in countries outside the UAE. However, when you provide your Personal Data to Sanad, you acknowledge and agree that certain Personal Data may be disclosed to recipients (including, but not limited to service providers, partners, vendors) located in jurisdictions other than your own.

6. Safeguarding Personal Data

6.1 The security of your Personal Data is important to us; but remember that no method of transmission over the internet or electronic storage is 100% secure. While we strive to implement appropriate technical measures to protect your Personal Data, we cannot guarantee its absolute security.
6.2 We will retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected. For example, we will retain your information for as long as needed to provide you with our services. After that, we may retain your Personal Data for a period to manage or respond to any complaints, queries or concerns relating to those services. Your information may also be retained so that we can continue to improve your experience with us.
6.3 Sanad has implemented commercially reasonable controls and appropriate technical and organizational measures to protect Personal Data, as well as to maintain the security of our information and information systems relating to Personal Data.
6.4 Client files are protected with appropriate safeguards according to the sensitivity of the information they contain. Access to our computer systems is restricted and controlled to ensure only authorized personnel can access Personal Data. We also apply reasonable security measures to restrict physical access to Personal Data to authorized employees only.
6.5 When you contact a Sanad employee, you may be asked to confirm certain details relating to the Personal Data Sanad holds about you. This verification Process is designed to ensure that only you, or someone you have authorized, have access to your information.
6.6 The retention period for Personal Data is determined based on the following criteria:
- a. Purpose of Use – Sanad is required to retain Personal Data for as long as necessary to fulfill the purpose for which it was obtained, or any other legal purpose.
- b. Legal Obligations- applicable laws or regulations may require Sanad to retain your Personal Data for a minimum period.
- c. Depending on the requirements of the data protection laws of your jurisdiction, Sanad will take reasonable steps, in certain circumstances, to destroy or anonymize your Personal Data when there is no longer a legal basis to retain it.

7. YOUR RIGHTS

To the extent provided by the data privacy and protection laws of your jurisdiction, you may have legal rights in relation to your Personal Data held by Sanad.

These rights may include:

Right to Refuse or Object – the right to refuse to provide any Personal Data and the right to object at any time to the Processing of your Personal Data. Please note that such refusal or objection may limit or prevent us from providing certain services to you;
Right of Access – the right to obtain information regarding the Processing of your Personal Data and to access the Personal Data Sanad holds about you (including, where available, any information as to the source of the Personal Data);
Right to Withdraw Consent – where consent was provided for certain information processing activities, the right to withdraw your consent to the collection, Processing, use and disclosure of your Personal Data at any time. Withdrawal will not affect the lawfulness of any collection, Processing, use or disclosure undertaken prior to your withdrawal of consent. Please note that Sanad may still be entitled to Process your Personal Data if it has another legitimate reason (other than consent) or if a legal exception applies. In some cases, withdrawing your consent may limit our ability to provide certain services;
Right to Data Portability – in some circumstances, the right to receive your Personal Data in a structured, commonly used and machine-readable format and/or request that Sanad transmit that data to a third party where this is technically feasible. This right only applies to Personal Data that you have provided to Sanad;
Right to Rectification – the right to request the correction of any Personal Data held by Sanad that is inaccurate or incomplete;
Right to Object to Automated Decision Making – in some circumstances, the right to object to any decision based solely on automated Processing, including profiling, which produces legal or serious consequences concerning the Data Subject and to require such decision to be reviewed manually;
Right to Erasure – in some circumstances, the right to request that Sanad delete your Personal Data, and the right to be notified when such erasure, of data has occurred. Please note that Sanad may be legally permitted or required to retain certain Personal Data, even if such request is made;
Right to Non-Discrimination – the right to not be discriminated against as a result of exercising your rights under the applicable data protection laws. This includes not being denied any services, not being charged different prices or rates for such services and not receiving a lower quality of services as a result.

You can enquire about the rights which may be applicable to you by contacting Sanad using the details listed in Section 9.

8. Questions and Concerns

8.1 If you have any questions or concerns about our handling of your Personal Data, or about this Privacy Notice, please contact our Data Protection Officer using the contact information set out in Section 9.

8.2 We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Data Protection Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction.

9. CONTACT US

If you have any questions or comments about this Privacy Notice or the services provided by Sanad through this website, please contact us at:

Sanad Group
For the attention of the Data Protection Officer
PO Box 45005
Abu Dhabi, United Arab Emirates
Email: dataprivacy@sanad.ae

If you wish to submit a subject access request, please fill out DSAR Form

We encourage you to read this Privacy Notice, as well as the applicable Terms of Use, upon accessing our website services.

This Data Privacy Notice was last updated on 20 June 2025.

10. Glossary

Data Controller: An establishment or natural person that has Personal Data, and by virtue of its activity, determines whether individually or jointly with other persons or establishments, the method and criteria for Processing such Personal Data and the purpose of Processing it.

Data Protection Officer (DPO): An independent data protection expert who is responsible for advising Sanad on how to comply with legal requirements concerning personal data processing.

Data Subject: A natural person who is the subject of Personal Data; the individual to whom the Personal Data relates.

Data Subject Access Request (or DSAR): A request submitted by an individual or an individual’s legal representative to obtain information held by Sanad about that individual.

Process(ing): Any operation or set of operations which is performed upon Personal Data, whether by automatic means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Personal Data: Any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data, through the use of identification elements such as their name, voice, image, identification number, electronic identifier, geographical location, or by one or more physical, physiological, economic, cultural or social characteristics. It includes Sensitive Personal Data such as names, addresses, phone numbers, IP addresses and biometric data.

Privacy Notice: A statement describing how a website or business collects, uses, processes, stores, and transfers personal information.

UAE Data Protection Law: United Arab Emirates Federal Decree Law No. (45) of 2021 Concerning the Protection of Personal Data, also known as the Data Protection Law constitutes an integrated framework to ensure the confidentiality of information and protect the privacy of individuals in the UAE.