Back to Home
Last Updated: 09 October 2025

SMARTXCHANGE PLATFORM

Global Privacy Policy

Table of Contents

1. Data Collection: What, How, When & Why2. Additional Purposes of Data Use3. Legal Basis for Processing (Global)4. Data Sharing5. Data Transfers & Storage6. Data Retention7. User Rights Globally8. Security Measures9. Sensitive Data10. Marketing & Communications11. Third-Party Links & Tools12. Do Not Track (DNT)13. Children's Privacy14. User Obligations15. Changes to Policy16. Complaints & Contact17. Governing Law

At SmartXchange FZ-LLC ("SmartXchange," "we," "us," or "our"), trust, security, and compliance are at the core of our business. Our digital marketplace ("Platform") is designed to connect verified buyers and sellers ("Users") in trading electronics and IT products ("Goods").

In this process, we collect and process information that may be confidential or qualify as personal data ("Data") under applicable laws. Even though we primarily transact with legal entities, we recognize that some Data relates to identifiable individuals (e.g., directors, representatives, or employees) and treat it with the highest degree of care.

This Global Privacy Policy sets out how we collect, use, store, transfer, and protect Data worldwide. It is designed to help you understand:

  1. What Data is collected
  2. How and when it is collected
  3. Why it is collected
  4. How it is shared and stored
  5. What rights Users have globally
  6. How Users can exercise those rights

Your user agreement will be read along with these terms and conditions and the privacy policy set out below.

1. DATA COLLECTION: WHAT, HOW, WHEN & WHY

Type of DataSourcePurpose of Collection & Use
Business Information: Entity name, registration, trade license, VAT/TAX number, registered address, contact numbers, emails, authorized representative details, IP address.During account creation, onboarding, or KYC/AML verification.To verify entity, conduct due diligence, approve account, comply with KYC/AML, facilitate trade, marketing campaigns, and regulatory requirements.
Inventory Details: Goods description, specifications, approvals, quantity, location, pricing.When sellers list products on the Platform.To create catalogues, enable orders, coordinate logistics/QC, facilitate trade.
Shipment & Logistics: Warehouse/office addresses, contact person details, business hours.During order processing and delivery coordination.To manage logistics, QC, collection and delivery of Goods, dispute resolution.
Financial Data: Bank details, payment confirmations, credit references.Onboarding, order settlement, refunds, payments.To settle transactions, refunds, billing, and manage monetary relationships.
Tax & Compliance Data: VAT/TAX IDs, supporting documents.Registration and transaction stage.To comply with tax laws, provide rebates/refunds, fulfill legal obligations.
Activity Data: Browsing history, searches, viewed products, usage frequency.When Users access the Platform.To enhance user experience, improve services, manage platform traffic, detect suspicious activity.
Visuals & Recordings: Security CCTV, call recordings.At SmartXchange premises, or via customer service calls.For security, compliance, training, and dispute resolution.
Additional Data: Surveys, linked third-party accounts, forums.Voluntary participation with consent.For research, feedback, targeted marketing, service improvement.

2. ADDITIONAL PURPOSES OF DATA USE

  • To develop new services aligned with our marketplace.
  • To send promotions, offers, or industry updates (with consent where required).
  • To conduct fraud detection and investigations.
  • To improve user security, functionality, and support.
  • To notify Users of product recalls, compliance issues, or security incidents.

3. LEGAL BASIS FOR PROCESSING (GLOBAL)

Legal BasisExamples of Application
ConsentMarketing, promotions, surveys, research where explicit consent is required (GDPR, DPDP Act, PDPA).
Contractual NecessityAccount registration, order processing, payments, logistics.
Legal ObligationKYC/AML, sanctions screening, tax reporting, regulatory filings.
Legitimate InterestPlatform security, fraud prevention, analytics, business development, improving UX.

4. DATA SHARING

We do not sell Data. Data may be shared:

  • Within SmartXchange group companies for consolidated operations.
  • With service providers: payments, logistics, cloud hosting, analytics, auditors, legal advisors.
  • With business partners: verified buyers/sellers, banks, insurers.
  • With regulators: to comply with legal obligations (AML, sanctions, tax).
  • During corporate transactions (merger, acquisition, restructuring).

5. DATA TRANSFERS & STORAGE

Data may be transferred to servers outside the country of origin (including UAE, EU/EEA, USA, India, Singapore). Safeguards include:

  • Adequacy decisions (where applicable).
  • Standard Contractual Clauses (SCCs).
  • Binding Corporate Rules (BCRs).
  • Explicit consent where legally required.

6. DATA RETENTION

CategoryRetention Period
Account & Business DataActive account + 7 years
Transactions & Invoices10 years (regulatory requirement)
Communications5 years
KYC/AML Records10 years (UAE/FATF compliance)
Technical Logs12 months
Marketing DataUntil consent withdrawn

7. USER RIGHTS GLOBALLY

RegionRights Available
UAEAccess, correction, erasure, restriction, objection, portability (per UAE DP Law 2021).
EU/EEA & UKFull GDPR/UK GDPR rights: access, rectification, erasure, portability, objection, restriction, not to be subject to automated profiling.
US (California CCPA/CPRA)Right to know, delete, correct, opt-out of sale/sharing, non-discrimination.
India (DPDP Act 2023)Right to access, correction, erasure, grievance redressal, consent withdrawal.
Singapore (PDPA)Access, correction, withdraw consent, object to processing.
Other JurisdictionsRights provided under local applicable laws.

To exercise rights:

Email [email protected]

Responses within 30 days (extendable by law).

8. SECURITY MEASURES

  • Encryption (TLS, AES-256).
  • Tokenization of payments.
  • Multi-factor authentication.
  • Regular audits and penetration testing.
  • Role-based access & confidentiality agreements.

9. SENSITIVE DATA

SmartXchange does not intentionally collect sensitive personal data (e.g., race, religion, health, biometrics). If collected, it will be processed in compliance with applicable law and with explicit consent.

10. MARKETING & COMMUNICATIONS

  • Users can opt-in or opt-out of marketing communications at any time.
  • Marketing preferences can be updated via Platform settings or by contacting us.

11. THIRD-PARTY LINKS & TOOLS

Our Platform may include links to logistics, payment, or partner sites. We are not responsible for their privacy practices. Users should review third-party privacy policies.

12. DO NOT TRACK (DNT)

We do not currently respond to "Do Not Track" browser signals due to lack of an industry standard.

13. CHILDREN'S PRIVACY

Our Platform is for business use only and not intended for persons under 18. We do not knowingly collect minors' data.

14. USER OBLIGATIONS

Users must:

  • Keep account credentials secure.
  • Ensure data shared with us is accurate and up to date.
  • Immediately notify us in case of suspected unauthorized access.

15. CHANGES TO POLICY

We may update this Policy to reflect business or legal changes.

  • Material changes: Users notified via email & platform notice.
  • Minor updates: Published online with updated "Last Updated" date.

16. COMPLAINTS & CONTACT

  • General Queries: [email protected]
  • Complaints: May be lodged with UAE Data Office, EU Supervisory Authorities, or local regulators depending on jurisdiction.

17. GOVERNING LAW

This Privacy Policy is governed by the laws of Dubai, UAE, without prejudice to mandatory protections under other applicable laws.