Privacy Policy

(Last updated: October 2025)

1. General provisions

This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure for collecting, using, storing, transferring and protecting personal data of users of the Ratetik portal (hereinafter referred to as the “Portal”, “Service”), which is operated by TCC LLC FZ, registered in the Dubai Free Economic Zone, United Arab Emirates (hereinafter referred to as the “Company”, “We”, “Operator”).

By using the Portal, you (hereinafter referred to as the "User") confirm that you have read, understood, and agree to the terms of this Policy. If you do not agree with any part of it, please refrain from using the Portal.


2. Legal status of the data controller

Personal data controller:
 TCC LLC FZ
 Free Zone License No.: 2311880.01
 Jurisdiction: Dubai, United Arab Emirates

Email for data inquiries: support@ratetik.com


3. What data do we collect?

The Company collects only personal data that is necessary, proportionate and justified for the purposes set out in this Policy, in accordance with Federal Decree Law No. 45 of 2021 (PDPL UAE) and the principles of lawfulness, fairness, minimization and purpose limitation of processing. Collection occurs exclusively with the consent of the User or in cases provided for by law.

We may collect and process the following categories of personal data:

3.1. Data provided by the User

  • First name, last name, nickname or company name;
  • E-mail address;
  • Phone number;
  • Password (in encrypted form);
  • Profile photo or company logo;
  • Payment information (via integrated payment services Stripe, PayPal or others);
  • Any other information that you voluntarily provide when creating an account, writing a review, or filling out forms on the Portal.

3.2. Data collected automatically

  • IP address, device type, browser, language;
  • Date and time of visit;
  • Geolocation (if allowed in the browser or mobile device);
  • Cookie data, log files, and history of interaction with the site;
  • Information about the source of traffic (referral links, advertising campaigns, etc.).

3.3. Data from third-party integrations

If you log in via Google or Facebook, we receive basic profile data (name, email, profile picture, user ID), solely within the limits of the permissions granted by these services via OAuth 2.0.


4. Purpose of collecting and processing personal data

The purpose of collecting and processing personal data is to ensure the lawful, transparent, and secure functioning of the Ratetik Portal in accordance with the requirements of the PDPL UAE and the principles of good information governance. Data processing is carried out only on clearly defined and lawful grounds, including:

  • fulfillment of contractual obligations between the Company and the User, including providing access to the Portal's functionality, services, paid subscriptions, and feedback tools;
  • compliance with legal obligations imposed by the laws of the UAE or other competent jurisdictions, including financial monitoring, reporting, tax, and accounting requirements;
  • protecting the Company's legitimate interests, such as ensuring the security of IT infrastructure, preventing fraud, detecting abuse or unauthorized access;
  • implementation of marketing and communication initiatives (sending newsletters, updates, special offers), subject to prior voluntary consent of the User;
  • improving user experience, analytics of service usage, adapting the interface and content to the individual needs of Users;
  • ensuring compliance with decisions of courts, authorities or regulators, if such a requirement is mandatory;
  • creating statistical and analytical reports based on depersonalized data that does not allow for the identification of a specific person.

Personal data is not processed for a purpose incompatible with the initial purposes of collection, without obtaining the additional explicit consent of the User.


5. Use of cookies

The Company uses cookies, web beacons and similar tracking technologies to collect technical information about the User's visit to the Portal. These technologies are used in accordance with the principles of PDPL UAE and international data protection standards to ensure the proper functioning, security and personalization of the services.

5.1. Cookie categories

  • Necessary cookies — ensure the basic operation of the site (authentication, navigation, security). Disabling these files may result in limited access to some features.
  • Analytical cookies - collect statistical data on page visits, time spent on them, transitions, etc. In particular, Google Analytics, Meta Pixel and similar tools are used.
  • Functional cookies - store the User's individual settings (language, region, Google/Facebook login method) to improve the user experience.
  • Marketing cookies - allow you to display personalized advertising based on the interests and previous actions of the User on and off the site.

5.2. Grounds for processing and User consent

The use of cookies that are not technically necessary is carried out only with the explicit, voluntary consent of the User, provided during the first visit to the site via a banner or a corresponding form. Consent can be withdrawn at any time by changing the browser settings or using the cookie management tools on the site.

5.3. Cookie management

The User has the right to limit or completely disable cookies in his browser settings. However, some functions of the Portal may not work correctly without the necessary cookies. The Company is not responsible for failures caused by complete blocking of cookies.

5.4. Storage and transfer of cookie data

The storage period of cookies depends on their type and purpose - from session (stored until the browser is closed) to persistent (up to 12 months). Cookie data may be transferred to external analytics providers or advertising partners only in aggregate form and without identifying a specific user.


6. Payment processing

The Company pays special attention to the security of financial transactions and payment data processing. All payment transactions are carried out exclusively through certified payment service providers (Stripe or other licensed PSPs) that comply with the international security standard PCI DSS (Payment Card Industry Data Security Standard) and other regulatory requirements in the field of payment information protection.

6.1. Principles of payment data processing

  • All transmitted payment data is encrypted using modern SSL/TLS algorithms to prevent unauthorized access.
  • The company does not have direct access to full bank card details, including card numbers, CVV codes, or expiration dates.
  • Payment gateways provide tokenization - the conversion of payment card data into a unique token that can only be used to identify the transaction without disclosing payment information.

6.2. Recurring payments and subscriptions

With the User's consent, the Portal may store tokenized identifiers for automatic renewal of subscriptions or recurring payments. The User has the right to disable automatic debiting at any time in the account settings or by contacting support.

6.3. Third party liability

Payment service providers are independent controllers of personal data within the scope of their obligations. They are fully responsible for processing and protecting financial information in accordance with their own privacy policies and regulatory requirements.

6.4. Storage and retention period of payment data

The company does not store users' financial details. Transaction information (date, amount, payment ID, payment method) is only stored for accounting or audit purposes for the period stipulated by UAE law, after which the data is securely deleted or archived in an anonymized form.

6.5. Protection of user rights

In case of any disputes, double debits or technical errors in making payments, the User has the right to submit a written request to support@ratetik.com. The Company undertakes to consider the request within 10 business days and cooperate with the payment provider to resolve the issue in accordance with the chargeback or refund procedure.


7. Transfer of personal data to third parties

The Company may transfer personal data to third parties only if there are lawful grounds clearly defined in the UAE PDPL, GDPR or other applicable law. The transfer of data is carried out taking into account the principles of minimization, necessity, proportionality and confidentiality.

7.1. Categories of data recipients

The transfer of personal data may occur in the following cases:

  • Processors are companies acting on behalf of the Company to ensure the functioning of the Portal (hosting, technical support, analytics, marketing, payment solutions, cybersecurity systems providers). Data Processing Agreements are concluded with all such counterparties, which oblige them to adhere to confidentiality and security standards no lower than those established by the Company.
  • Legal advisors, auditors, consultants, authorities and regulators - in cases where the transfer is necessary to comply with legal obligations, court decisions, requests from competent authorities or to protect the rights and legitimate interests of the Company.
  • Financial institutions and payment operators - within the scope of conducting transactions, refunds or fraud prevention.
  • Partners or affiliates of the Company - in cases of joint projects, integrations or joint programs, subject to the conclusion of confidentiality agreements (NDA) and limitation of processing purposes.
  • In the event of a business reorganization, merger, acquisition, or sale of assets, data may be transferred to the successor only after ensuring an appropriate level of protection of personal information.

7.2. Territorial data transfer

If data is transferred outside the United Arab Emirates, the Company ensures compliance with the requirements of the UAE PDPL regarding cross-border data transfers, including:

  • by concluding Standard Contractual Clauses (SCCs);
  • obtaining the User's written consent, if required by law;
  • checking the availability of an adequate level of data protection in the recipient country.

7.3. Warranties and obligations of third parties

Each recipient of personal data is obliged to:

  • use the data exclusively for the purpose specified in the relevant agreement with the Company;
  • ensure technical and organizational security measures in accordance with international standards (ISO/IEC 27001, PCI DSS, etc.);
  • not transfer data to other entities without the prior written consent of the Company;
  • immediately notify the Company of any incidents or data security breaches.

The Company conducts periodic audits of its contractors to monitor their compliance with confidentiality requirements. All third parties are jointly and severally liable for violations of the terms of confidentiality and security of personal data.


8. Data storage

The Company ensures that personal data is stored in accordance with the principles of PDPL UAE, GDPR and other applicable regulations, adhering to the principles of minimization, proportionality, purpose limitation and security. All data is stored in secure data centers located within the United Arab Emirates or in other jurisdictions with an adequate level of data protection.

8.1. Storage periods

  • Personal data is retained only for the time necessary to achieve the purposes for which it was collected, or for the period expressly provided for by law or regulatory requirements.
  • Account data is stored for the entire time of using the Portal and is deleted within 90 days after the User deletes the account or after the completion of legal or financial obligations.
  • Data related to financial transactions, accounting or auditing may be retained for up to 10 years under UAE law.
  • Backups may be retained for an additional 12 months after information is deleted from the active database for security and system recovery purposes.

8.2. Storage and protection methods

  • Data is stored in encrypted form using AES-256 encryption standards and SSL/TLS protocols;
  • Access to personal data is limited to authorized employees who have the appropriate level of clearance;
  • Storage systems undergo regular security audits, penetration testing, and backups;
  • Multi-level access control, event logging, and monitoring of unauthorized access attempts are used.

8.3. Anonymization and deletion of data

After the storage period has expired or the processing purposes have been achieved, the Company:

  • deletes personal data without the possibility of further recovery;
  • or applies an anonymization (de-identification) procedure, making it impossible to identify the User.

Deletion or anonymization is carried out taking into account technical and legal requirements, and is also confirmed by the Company's relevant internal acts on data destruction.


9. Data protection

The company pays special attention to ensuring the confidentiality, integrity and availability of personal data. Information protection is carried out based on the security principles stipulated by PDPL UAE, GDPR and international standards ISO/IEC 27001, ISO/IEC 27701 and PCI DSS.

9.1. Technical safety measures

  • Encryption: all data transmitted between the User's browser and the Portal servers is protected using SSL/TLS protocols with modern encryption algorithms (AES-256). Data in the databases is stored in encrypted form.
  • Multi-level authentication system: access to the administrative panel and internal Company systems is protected by two-factor authentication (2FA) and a complex password policy.
  • Access control: a role-based access model (RBAC) has been implemented, limiting the ability to view and modify data only to authorized employees.
  • Protection against unauthorized access: a firewall, intrusion detection systems (IDS/IPS), antivirus protection, and constant monitoring of security logs are used.
  • Backup: regular backups of critical data are created and stored in encrypted format on separate, geographically dispersed servers.

9.2. Organizational security measures

  • The Company's employees undergo mandatory training on privacy, cybersecurity, and proper handling of personal data.
  • Access to personal information is provided exclusively to authorized persons who have signed non-disclosure agreements (NDAs).
  • The company implements policies for risk management, incident response, event log retention, and system security controls.
  • Regular security audits, penetration testing, and independent verification of compliance with the UAE PDPL requirements are conducted.

9.3. Responding to security incidents

In the event of a data breach, the Company:

  • immediately records the incident and takes measures to localize it;
  • conducts an internal investigation into the causes and scope of the incident;
  • notifies the competent regulator (UAE Data Office) within 72 hours of detecting the incident;
  • informs Users whose data may have been compromised as soon as possible;
  • takes measures to restore system security and prevent a recurrence of the incident.

9.4. Liability and limitations

The Company takes all reasonable and proportionate measures to protect personal data; however, no system can guarantee absolute security. The User acknowledges that data transmission over the Internet is always associated with a certain risk, and uses the Portal at his own discretion.


10. User rights

The User has all the rights provided for in Federal Decree-Law No. 45 of 2021 (PDPL UAE), the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. The Company ensures the exercise of Users' rights in full, transparently and without discrimination.

10.1. Basic rights of the User

  • Right of access – The User has the right to receive confirmation of the processing of their personal data, as well as a copy of such data and information about the purpose, categories, terms and sources of processing.
  • Right to rectification – if personal data is inaccurate, outdated or incomplete, the User has the right to request its clarification or correction.
  • Right to erasure ("right to be forgotten") - The User may request the deletion of their personal data if they are no longer necessary for the purposes for which they were collected, or if consent to their processing has been withdrawn, except in cases where retention is required by law.
  • Right to restriction of processing – The User may request temporary or complete cessation of the processing of their data in the event of a dispute regarding its accuracy, legality, or until the objection is verified.
  • Right to object – The User has the right to object to the processing of their data for marketing, statistical or automated decisions (including profiling).
  • Right to data portability – The User may receive their personal data in a structured, machine-readable format and transmit them to another operator, if technically feasible.
  • Right to withdraw consent – The User has the right to withdraw previously provided consent to the processing of personal data at any time, without negative consequences for the use of the basic functions of the Portal.
  • Right to lodge a complaint – The User may lodge a complaint with the UAE Data Office or other competent supervisory authority in the event of a violation of their privacy rights.

10.2. Exercise of User rights

  • A request to exercise rights is sent by e-mail to the address: support@ratetik.com, indicating the essence of the request.
  • The company undertakes to confirm receipt of the request within 7 calendar days and provide a response or clarification no later than 30 days from the date of receipt.
  • In case of complexity of the request or the need for additional verification of the User's identity, the Company may extend the response period, but not more than 60 days, with a corresponding notification to the applicant.
  • To ensure data security, the Company may require confirmation of the User's identity before providing information or taking action upon request.

10.3. Restrictions on rights

The exercise of certain rights of the User may be temporarily or partially restricted only in cases expressly provided for by the legislation of the United Arab Emirates, international legal acts, as well as to ensure the legitimate interests of the state, the Company or third parties. Such restrictions apply exclusively to the extent necessary to achieve a legitimate goal and are subject to documentation.

10.3.1. Grounds for restriction of rights:

  • Legal obligations: if the restriction is necessary to comply with court decisions, regulatory authorities' orders, or to comply with the requirements of applicable law (for example, in the field of anti-money laundering, financial monitoring, tax reporting, etc.);
  • National security and public order: if the disclosure or exercise of certain rights may pose a risk to national security, defense, public order or the international obligations of the state;
  • Criminal investigation: if the processing or provision of data may hinder the investigation of criminal, administrative or financial offences;
  • Rights and freedoms of third parties: if fulfilling the User's request may violate the confidentiality, trade secrets or other legitimate interests of third parties;
  • Protection of the Company's legitimate interests: in cases where the exercise of a particular right may harm the Company's legitimate economic, financial or reputational interests, provided that such restriction does not conflict with the User's fundamental rights and freedoms.

10.3.2. Procedure for applying restrictions:

  • The decision on restrictions is made exclusively by an authorized official of the Company after legal analysis and documentary justification of the grounds.
  • The user is notified of the application of the restriction in writing or electronically, indicating the reasons, unless such notification is prohibited by law.
  • The restriction must be temporary and valid only for the period necessary to achieve the purpose of its application.
  • Upon termination of the grounds for restriction, the Company immediately restores the full scope of the User's rights.

10.3.3. Principles of application of restrictions:

Any restriction of rights:

  • must be proportional to the objective;
  • must be based on legal grounds and be documented in the Company's internal documents;
  • must not interfere with the exercise of the User's fundamental rights guaranteed by the UAE Constitution, the UAE PDPL and international human rights agreements.

The Company guarantees that the application of any restrictions is carried out exclusively within the limits provided for by law, is justified, temporary, proportionate and properly documented.


11. Processing of children's data

The Company complies with the provisions of the PDPL UAE, the UN Convention on the Rights of the Child and other international instruments in the field of protection of minors. The Ratetik Portal is not intended for persons under the age of 18, and the Company does not knowingly collect or process personal data of children.

11.1. Definition of concepts

  • “Child” as used in this Policy means an individual who has not reached the age of 18 or the age determined by the local law of the country of residence as the minimum age of majority.
  • "Parents or legal guardians" are persons who legally represent the rights and interests of a child in accordance with the law.

11.2. Company Policy on Processing Children's Data

  • Registration for an account on the Portal is only permitted to persons who have confirmed that they are 18 years of age or older.
  • The Company does not request, verify or process data from persons under the age of 18, except where such processing is expressly permitted or required by law (e.g. to comply with legal obligations).
  • If the Company discovers that a person under the age of 18 has provided personal data without the consent of their parents or legal guardians, this data will be immediately deleted or anonymized.

11.3. Consent of parents or legal representatives

  • In the event that the laws of a particular jurisdiction permit the processing of children's personal data only with parental consent, the Company requires appropriate written confirmation or electronic consent before collecting, using or transferring such data.
  • Parents have the right to request access, correction, or deletion of their child's data at any time.

11.4. Protection measures

  • The company implements technical and organizational measures to prevent the accidental collection, storage or transfer of data of persons under the age of 18.
  • Any appeals or requests regarding the processing of children's data are treated with priority and immediate response.

11.5. Notification of violations

If the User or the child's parents discover that their data has been provided to minors, they can immediately report this to the email address support@ratetik.com. The Company guarantees a prompt response, investigation of the circumstances and complete deletion of the relevant information.


12. International data transfers

The Company may transfer personal data outside the United Arab Emirates if necessary to provide services, hosting, technical support, analytics or to fulfill contractual obligations. Such transfer is carried out in accordance with the provisions of Federal Decree Law No. 45 of 2021 (PDPL UAE), the EU General Data Protection Regulation (GDPR) and other international acts regulating cross-border data flows.

12.1. Principles of international transfer

  • Data is transferred outside the country only when this is justified for technical, operational or contractual reasons and an adequate level of protection is ensured.
  • The Company ensures that all recipients of personal data abroad adhere to protection standards compatible with the UAE PDPL and have legal mechanisms in place to ensure an appropriate level of confidentiality.

12.2. Jurisdictions recognized as safe

Personal data may only be transferred to countries or organizations that have been deemed “adequate” by the UAE Data Office or other competent authorities. Such countries include jurisdictions that provide a level of data protection comparable to that of the UAE (e.g. EU countries, UK, Canada, Switzerland, etc.).

12.3. Legal protection mechanisms

In cases where data is transferred to countries that do not have a recognized adequate level of protection, the Company applies one or more of the following mechanisms:

  • conclusion of Standard Contractual Clauses (SCCs) or equivalent agreements approved by the authorized body of the UAE;
  • obtaining the User's explicit written consent to the transfer of data after being informed about possible risks;
  • implementation of intragroup data processing rules (Binding Corporate Rules, BCRs) within affiliated companies;
  • application of contractual guarantees of confidentiality, limitation of processing purposes and technical data protection.

12.4. Additional warranties and obligations

  • The company requires all foreign partners to provide documentary evidence of compliance with the UAE PDPL or equivalent legislation.
  • Any transfer is carried out taking into account the principles of necessity, proportionality and minimization of the volume of data transferred.
  • In the event of a breach of confidentiality or unauthorized transfer abroad, the Company is obliged to report the incident to the regulator and the User in accordance with Section 9.3 of this Policy.

The Company guarantees that international data transfer does not reduce the level of protection of the User's personal information and is always accompanied by appropriate contractual, technical and organizational security measures.


13. External links

The Portal may contain hyperlinks, banners or widgets leading to third-party websites, services or resources owned or controlled by third parties (companies, partners, advertisers, content providers). Such links are provided solely for the convenience of the User and do not imply the Company's approval or recommendation of the relevant resources.

13.1. Disclaimer

  • The Company does not control the privacy policies, terms of use, security, or content of third-party resources and is not responsible for the collection, use, or disclosure of personal data by such sites.
  • The User accesses third-party resources solely at his own risk, and the Company does not guarantee the safety, reliability or suitability of the information posted on such sites.

13.2. Recommendations to the User

  • Before providing any personal data to third-party resources, the User is advised to carefully read their privacy policy and terms of use.
  • The Company does not monitor or verify changes in third-party policies, so it is recommended to periodically check the relevance of these documents.

13.3. Interaction with third-party services

  • If the Portal integrates third-party functional elements or plugins (for example, the “Log in with Google” or “Share on Facebook” buttons), such interaction is subject to the privacy terms of the respective providers.
  • The Company is not responsible for the actions of third parties, even if a link to their services is present on the Portal.

The company recommends that users be careful when following external links and independently verify the authenticity and safety of such resources.


14. Changes to the Policy

The Company reserves the right to make changes, additions or updates to this Policy at any time if necessary to reflect changes in legislation, the Company's internal processes or the functioning of the Portal.

14.1. Procedure for updating the Policy

  • Any changes come into effect from the moment of publication of the updated version of the Policy on the official Ratetik website - www.ratetik.com, unless otherwise provided in the notice itself.
  • The Policy page always indicates the date of the last update, allowing Users to easily track changes.
  • In cases where the changes are of a material nature (for example, affecting the rights of Users or the principles of personal data processing), the Company undertakes to notify Users in advance via e-mail or notification in their personal account no less than 7 days before the changes come into force.

14.2. User's consent to the updated terms

  • Continued use of the Portal after the publication of the updated Policy means the User's unconditional agreement with its new provisions.
  • If the User does not agree to the updates, he has the right to stop using the Portal and request the deletion of his account and personal data in accordance with Section 10 of this Policy.

14.3. Archive of previous versions

The Company keeps an archive of previous editions of the Policy for at least 3 years to ensure transparency and the ability to verify the evolution of personal data processing rules.

The Company guarantees that all changes to the Policy will comply with the principles of legality, fairness, proportionality and transparency of personal data processing.


15. Contact information

For all questions related to personal data protection, you can contact:

TCC LLC FZ
Dubai, United Arab Emirates
Email: support@ratetik.com
Website: www.ratetik.com


16. Jurisdiction and applicable law

This Policy is governed by the laws of the United Arab Emirates.
All disputes shall be resolved in the competent courts of Dubai (unless otherwise provided by contract or law).