Privacy Policy

VendorPot is fully compliant with international and GCC data protection laws, including:

• GDPR - General Data Protection Regulation (EU)
• UAE PDPL - UAE Personal Data Protection Law
• Saudi PDPL - Saudi Personal Data Protection Law
• Qatar PDPL - Qatar Personal Data Privacy Protection Law
• Bahrain PDPL - Bahrain Personal Data Protection Law
• DPDP Act - Digital Personal Data Protection Act (India)

Data Controller: VendorPot Limited
Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
Email: privacy@vendorpot.com
Data Protection Officer: dpo@vendorpot.com

We process your personal data based on:

• Consent: When you register and voluntarily use the platform
• Contract Performance: To provide the services you requested
• Legal Obligation: To comply with applicable laws and regulations
• Legitimate Interests: To improve our services and prevent fraud

• Facilitate connections between vendors and buyers
• Process transactions and manage accounts
• Send important notifications and updates
• Improve user experience and platform functionality
• Conduct analytics and market research
• Prevent fraud and ensure security
• Comply with legal and regulatory requirements

We never sell your personal data. We may share data with:

• Other Platform Parties: Sharing contact information when making inquiries or lead requests
• Service Providers: Cloud infrastructure, analytics, and payment processors
• Legal Authorities: When legally required or to protect our rights
• Business Transactions: In case of merger, acquisition, or asset sale

You have the following rights regarding your personal data:

We retain your personal data for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Prevent fraud and maintain security

We implement appropriate technical and organizational security measures to protect your data:

• Encryption in transit and at rest (TLS/SSL, AES-256)
• Access controls and multi-factor authentication
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Secure data backups and disaster recovery
• Network monitoring and intrusion detection systems

In the event of a personal data breach likely to result in risks to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay
• Document the breach and our response
• Take steps to mitigate potential harm

We use cookies and similar tracking technologies to:

• Maintain your session and preferences
• Understand how you use the platform
• Improve performance and site functionality
• Provide personalized content and recommendations

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

VendorPot is a B2B platform designed for commercial use. We do not knowingly collect personal information from individuals under 18 years of age. If we learn that we have inadvertently collected data from a minor, we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'Last Updated' date. We will also send email notification for significant changes. Your continued use of the platform after such changes constitutes your acceptance of the updated policy.

If you believe our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the relevant supervisory authority:

• UAE: UAE Data Office - tdra.gov.ae
• Saudi Arabia: Saudi Data & AI Authority (SDAIA) - sdaia.gov.sa
• Qatar: Ministry of Transport and Communications - motc.gov.qa
• EU/EEA: Your local data protection authority