Privacy Policy

Terms and Definitions Used in This Policy

"Personal Data" means any information relating to an identified or identifiable natural person (data subject), including but not limited to: first name, last name, contact details, account information, payment details, identification documents, online identifiers, technical data, as well as any other information that directly or indirectly allows a person to be identified.
"Data Subject" means any natural person whose Personal Data is processed by the Controller, including Website Users, clients, representatives of corporate clients and partners, persons registered in the Controller's online services, as well as persons sending requests via contact forms, messengers and other communication channels.
"Processing of Personal Data" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, systematization, structuring, accumulation, storage, clarification, use, analysis, transfer, restriction, blocking, deletion, destruction, anonymization, as well as cross-border transfer.
"Controller" means MAIZON GROUP L.L.C-FZ, a free zone company incorporated and existing in accordance with the laws of the United Arab Emirates, which determines the purposes and means of Processing of Personal Data.
"Processor" means any legal or natural person, institution or other body which Processes Personal Data on behalf of the Controller on the basis of an appropriate contract or other legal ground.
"Confidentiality of Personal Data" means the obligation of the Controller, its employees, Processors and other persons having access to Personal Data not to disclose such data to third parties.
"Automated Processing of Personal Data" means Processing of Personal Data using information systems and computing facilities.
"Anonymization of Personal Data" means actions as a result of which it becomes impossible, without using additional information, to determine that Personal Data relates to a specific Data Subject.
"Cross-border Transfer of Personal Data" means transfer of Personal Data to the territory of another state or to an international organisation, including storage on servers located outside the UAE or providing remote access to Personal Data from outside the UAE.
"Website / Site" means the aggregate of information and other materials available on the Internet at https://bezebee.com, as well as other domains and subdomains administered by the Controller.
"Cookies" means small pieces of data sent by a web server and stored on the User's device, containing anonymized or personalized information about the User's actions on the Website and/or in online services.
"Applicable Law" means the applicable laws of the United Arab Emirates, including Federal Decree-Law № 45 of 2021 on the Protection of Personal Data (UAE Personal Data Protection Law, PDPL).

1. General Provisions

1.1. This Policy determines the procedure and conditions for Processing Personal Data provided by Data Subjects to the Controller in connection with the use of the Website, online services and services of the Controller, participation in marketing and other events, as well as under any forms of interaction with the Controller via the contacts indicated on the Website.

1.2. This Policy has been developed taking into account the requirements of Applicable Law of the UAE in the field of Personal Data protection and is intended to ensure proper protection of the rights and freedoms of Data Subjects, as well as transparency and predictability of the Controller's actions with respect to Processing of such data.

1.3. The current version of the Policy is a public document and is available on the Internet on the Website. The Controller is entitled to periodically update the Policy. The new version enters into force from the moment it is published on the Website.

1.4. By using the Website, online services and/or otherwise providing their Personal Data to the Controller, the Data Subject confirms that they have read this Policy and understand its provisions.

1.5. Conditions for Processing of Personal Data by the Controller

Processing of Personal Data is carried out on the basis of one or more legal grounds provided for by Applicable Law (including the Data Subject's consent, necessity for performance of a contract, fulfilment of legal obligations, protection of legitimate interests, and other grounds provided for by law).
Processing of Personal Data is limited to the achievement of specific, predetermined and lawful purposes.
Personal Data processed must be adequate, relevant and limited to what is necessary for the purposes of Processing.
The Controller takes reasonable measures to ensure the accuracy and relevance of Personal Data.
Personal Data is stored no longer than necessary for the purposes for which it is processed.

1.6. On the basis of a contract, the Controller may entrust Processing of Personal Data to Processors, subject to their compliance with confidentiality and Personal Data security requirements.

2. Legal Grounds for Processing Personal Data

2.1. The legal grounds for Processing Personal Data by the Controller, depending on the specific situation, are:

Consent of the Data Subject to the Processing of their Personal Data for one or more specific purposes.
Necessity for the performance of a contract to which the Data Subject is party.
Fulfilment of the Controller's legal obligations including in the field of accounting, tax regulation, AML/CFT, sanctions compliance and other regulatory requirements.
Protection of vital interests of the Data Subject or another person.
Necessity for the purposes of the legitimate interests of the Controller or third parties, subject to conducting a balancing test.
Other grounds expressly provided for by Applicable Law.

2.2. The Data Subject's consent may be expressed by registering an account, submitting a feedback form, accepting an offer or signing a contract that refers to this Policy, ticking a checkbox, or continuing to use the Website in the presence of an appropriate notice on the use of cookies.

2.3. The Data Subject has the right to withdraw their consent to Processing of Personal Data at any time. Withdrawal of consent does not affect the lawfulness of Processing carried out prior to such withdrawal.

3. Purposes, Scope and Retention Periods for Processing Personal Data

3.1. The Controller processes Personal Data only for purposes consistent with its business activities (corporate services, advertising, e-commerce and related consulting and support), as well as for the functioning of the Website and online services. Processing covers the following areas:

Registration and maintenance of accounts, provision of access to online services.
Processing of requests, enquiries and correspondence sent via the Website, messengers, email, by phone and other channels.
Conclusion and performance of contracts with natural persons and legal entities, conduct of settlements, recording of payments.
Identification and verification of clients (KYC/AML/CFT) and compliance with regulatory requirements.
Marketing communication and information about services and events.
Use of cookies, web analytics and improvement of the Website.
Ensuring security, prevention of fraud and protection of the Controller's rights.
Automated Processing and profiling for personalization of offers, fraud risk assessment and service quality improvement.

For each purpose the Controller processes a minimum necessary set of data — account data, contact details, identification documents, payment details, transaction history and technical data — and stores it only for the period necessary to achieve the purpose, unless a longer retention period is required by Applicable Law.

The Data Subject has the right not to be subject to decisions based solely on Automated Processing, including profiling, which produce legal effects concerning them, except where such decision is necessary for entering into or performance of a contract, is authorised by Applicable Law, or is based on explicit consent.

4. Collection, Processing, Storage, Protection, Transfer and Destruction of Personal Data

4.1. Procedure and conditions of Processing

Processing of Personal Data is carried out in compliance with the principles of lawfulness, fairness, transparency, purpose limitation and data minimisation.
The Controller may process Personal Data both by automated means and without the use of automation (on paper).
Personal Data is processed only to the extent and for as long as necessary to achieve specific purposes and fulfil obligations.
Upon achievement of the purposes of Processing, the Controller deletes or anonymizes Personal Data within a reasonable time, unless further storage is required by law.

4.2. Measures for protection of Personal Data

The Controller takes reasonable and sufficient organizational, technical and physical measures to protect Personal Data against unauthorised or unlawful access, alteration, disclosure, use, destruction, loss or other unlawful forms of Processing. The protection measures applied may include: access control to systems and databases; use of encryption and secure communication channels; deployment of firewalls and intrusion detection systems; monitoring and analysis of information security events; backup and recovery of data; regular updating of software and anti-virus protection; training of employees on confidentiality and data protection.

4.3. Transfer of Personal Data to third parties and Cross-border Transfer

The Controller may transfer Personal Data to third parties in the following cases:

To persons acting on behalf of the Controller as Processors (IT services, hosting, CRM systems, payment providers, marketing and analytics services, legal advisers, auditors).
To banks, payment organisations and financial service providers for the purpose of executing payments, refunds and other operations.
To government authorities and regulators of the UAE and other states where there are legal grounds for a request.
To persons providing legal protection services to the Controller.
In aggregated and anonymized form for analytical research, statistics, development and improvement of products and services.
To other third parties where the Data Subject has explicitly consented to such transfer.

The Controller may carry out Cross-border Transfer of Personal Data subject to one of the following conditions: the recipient country has an adequate level of protection approved by the UAE Data Office; standard contractual clauses have been concluded; explicit consent of the Data Subject has been obtained; the transfer is necessary for performance of a contract; or the transfer is carried out within the framework of binding corporate rules.

4.4. Sources of obtaining Personal Data

As a general rule, Personal Data is provided by the Data Subject to the Controller directly. In certain cases, the Controller may obtain Personal Data from corporate clients and partners, providers of payment and fintech services, open sources and public registers, or from third parties acting on behalf of the Data Subject.

5. Rights of Data Subjects, Obligations of the Controller and Data Subjects

5.1. Rights of the Data Subject

To the extent provided for by Applicable Law, the Data Subject has the right to:

Receive confirmation as to whether or not their Personal Data is being Processed and information regarding such Processing.
Request access to their Personal Data, including obtaining a copy.
Request clarification, rectification and updating of their Personal Data.
Request deletion (erasure) of their Personal Data in cases provided for by Applicable Law.
Request restriction of Processing of Personal Data.
Object to Processing of Personal Data for specific purposes, including direct marketing, at any time.
Receive their Personal Data in a structured, commonly used and machine-readable format (right to data portability).
Not be subject to decisions based solely on Automated Processing, including profiling.
Withdraw consent to Processing of Personal Data.
Lodge a complaint with the competent supervisory authority of the UAE.

The Controller undertakes to consider the Data Subject's request and provide a response within 30 calendar days from the date of receipt of the request, with a possible extension of up to 30 additional days where necessary.

5.2. Obligations of the Controller

Process Personal Data in accordance with Applicable Law and this Policy.
Provide the Data Subject with the necessary information on the Processing of Personal Data.
Ensure the accuracy, relevance and sufficiency of Personal Data being Processed.
Apply appropriate organizational and technical measures to protect Personal Data.
Notify the UAE Data Office of a Personal Data breach no later than 72 hours from the moment of detection.
Notify affected Data Subjects of a significant Personal Data breach without undue delay.
Cooperate with supervisory authorities in the field of Personal Data protection.
Consider requests and enquiries of Data Subjects within the time limits and in the manner established by law.
Cease Processing and/or delete Personal Data in cases and within the time limits provided for by Applicable Law.

5.3. Obligations of the Data Subject

Provide the Controller with accurate, correct and up-to-date information.
Promptly inform the Controller of any changes to their Personal Data.
Not violate the rights and legitimate interests of third parties when providing Personal Data.
Comply with the terms of contracts and rules for using the Website and the Controller's online services.
Upon detecting facts of compromise of their account, immediately notify the Controller.

6. Liability

6.1. The Controller is liable for compliance with the requirements of Applicable Law in the field of Personal Data protection and this Policy to the extent established by such law.

6.2. For violation of the rules for Processing Personal Data, the Controller and/or its officers may be held liable in accordance with Applicable Law and may be obliged to compensate the Data Subject for damage in cases established by law.

6.3. The Data Subject understands and agrees that in the event of providing inaccurate or outdated information, the Controller shall not be liable for consequences arising from the use of such information.

6.4. The Controller is not liable for the actions of third parties to whom the Data Subject independently discloses their data or with whom they interact through external websites and services.

7. Final Provisions

7.1. This Policy and relations related to Processing of Personal Data by the Controller are governed by the laws of the United Arab Emirates.

7.2. The Controller is entitled unilaterally to amend this Policy where necessary to align it with changes in Applicable Law or the Controller's internal procedures.

7.3. In the event of a conflict between the provisions of this Policy and the terms of a specific contract with a Data Subject, the provisions of such contract shall prevail, provided this does not contradict Applicable Law.

7.4. The Controller's services are not intended for independent use by persons under the age of 21 (in accordance with UAE civil majority legislation) without the consent of their legal representatives. The Controller does not knowingly collect or process Personal Data of minors without documented consent of parents or legal guardians.

7.5. The effective date of this Policy is the date of its publication on the Website. The history of amendments is available upon request of Data Subjects to the contact address specified in Section 8.

8. Controller Details

MAIZON GROUP L.L.C-FZ
License Number: 2423151.01
Registered / Office Address: Meydan Grandstand, Meydan Road, Nad Al Sheba, 6th Floor, Dubai, United Arab Emirates
Website: www.maizongroup.com/ru
E-mail: info@maizongroup.com
For exercising Data Subjects' rights: privacy@maizongroup.com
Phones: +971 50 693 0343 (UAE) / +357 95 903 806 (Cyprus)

Data Subjects are also entitled to lodge a complaint with the UAE Data Office (https://dataoffice.gov.ae) in case of violation of their rights.