Data Protection Policy

---

This policy applies to all personal data processed by HEARTT, regardless of the location of the data subject, including users, service providers, and website visitors. "Personal data" means any information relating to an identified or identifiable natural person.

• Lawfulness, Fairness, and Transparency: Data is processed legally, fairly, and with transparency.
• Purpose Limitation: Data is collected only for specified, legitimate purposes.
• Data Minimization: Only necessary data is collected.
• Accuracy: Data is kept up-to-date, with corrections made as needed.
• Storage Limitation: Data is retained only as long as necessary.
• Integrity and Confidentiality: Protection measures prevent unauthorized access, use, or disclosure.
• Accountability: HEARTT ensures compliance with these principles.

• Directly from users upon registration and profile creation.
• Information provided during service exchanges and interactions on the platform.
• Automatically through our website and platform (e.g., cookies, IP addresses, usage data), with appropriate consent where required.

• Facilitating service exchange between users.
• Managing user accounts and profiles.
• Providing customer support and communication.
• Improving the platform and user experience.
• Analyzing platform usage and trends.
• Ensuring the security and integrity of the platform.
• Complying with legal obligations.

•  Other users to facilitate service exchanges, with user-controlled visibility.
• Third-party service providers (e.g., IT support, payment processors) under strict data protection agreements.
• Legal authorities when required by law.

 Users have the right to:

• Access their data and confirm its processing.
• Rectify inaccuracies or incomplete information.
• Request erasure ("Right to be Forgotten") under certain conditions.
• Restrict processing in specific cases.
• Obtain data portability in a structured format.
• Object to data processing under certain conditions.
• Withdraw consent at any time.
• File complaints with relevant authorities.

HEARTT implements appropriate technical and organizational measures to protect personal data against unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption and pseudonymization.
• Access controls and authentication.
• Regular security assessments and audits.
• Data breach response plan.

If HEARTT transfers personal data outside the UAE or UK, we will ensure adequate safeguards are in place, such as:

• Transfer to a country with an adequate level of data protection.
• Use of standard contractual clauses approved by the relevant authorities.
• Reliance on binding corporate rules.

HEARTT retains personal data only for as long as necessary for the specified purpose. We have data retention policies that define the retention periods for different types of data.

This policy will be reviewed and updated regularly to reflect changes in data protection laws and our data processing practices. We encourage data subjects to review this policy periodically. We will notify users of significant changes to this policy.