Privacy

Privacy Policy

How NEXRAY & CO collects, uses, stores, and protects your personal data, compliant with GDPR, CCPA/CPRA, and the UAE PDPL.

Last updated 4 June 2026 ยท Effective 4 June 2026

Where the DIFC Data Protection Law No. 5 of 2020 applies, that law also governs.

Who We Are (Data Controller)

NEXRAY & CO (“NEXRAY,” “we,” “us”) is the data controller responsible for your personal data. We are a global digital solutions and branding agency operating from a global office in Dubai, United Arab Emirates.

  • Controller: NEXRAY & CO
  • Privacy Contact: privacy@nexray.co

Scope

This Policy explains how we collect, use, store, share, and protect personal data when you visit our website, engage our Services, or otherwise interact with us, and describes your rights and how to exercise them.

Personal Data We Collect

  • Identity & Contact Data: name, company, job title, email address, telephone number, billing details.
  • Engagement Data: project requirements, communications, correspondence, and content you provide.
  • Transaction Data: records of Services purchased and limited payment confirmation data. We do not collect or store full payment card numbers, these are handled by our payment processor (see Section 6).
  • Technical & Usage Data: IP address, browser type, device identifiers, operating system, pages viewed, referring URLs, and interactions, collected via cookies and similar technologies (see our Cookie Policy).
  • Marketing & Communications Data: your preferences in receiving marketing from us.

We do not intentionally collect special categories of sensitive data unless strictly necessary and with an appropriate legal basis.

How and Why We Use Your Data (Legal Bases)

PurposeLegal Basis (GDPR)
To provide and administer the Services and fulfil contractsPerformance of a contract
To process payments via our processorPerformance of a contract / Legitimate interests
To respond to enquiries and provide supportLegitimate interests / Pre-contractual steps
To send marketing communicationsConsent (or legitimate interests where permitted)
To improve and secure our website and ServicesLegitimate interests
To comply with legal and regulatory obligationsLegal obligation

Under the UAE PDPL and DIFC Data Protection Law, we rely on equivalent lawful bases, including consent, contractual necessity, and legitimate interests, as applicable.

Marketing Communications

Where required, we will obtain your consent before sending marketing communications. You may withdraw consent or unsubscribe at any time using the link in our emails or by contacting privacy@nexray.co.

Payment Processing

Payments are processed by Rapyd and/or other reputable third-party payment processors. These processors collect and process your payment information directly under their own privacy policies and security standards (including PCI-DSS). NEXRAY does not store full credit or debit card details on its servers. We receive only limited transaction data necessary to confirm and administer your purchase.

How We Share Your Data

We may share personal data with:

  • Service providers and processors acting on our behalf (e.g., hosting, analytics, email, CRM, payment processing), bound by contractual confidentiality and data-protection obligations.
  • Professional advisers (legal, accounting, insurance).
  • Authorities and regulators where required by law or to protect our rights.
  • Successors in the event of a merger, acquisition, or restructuring.

We do not sell your personal data. Under the CCPA/CPRA, we do not “sell” or “share” personal information for cross-context behavioural advertising without providing the required opt-out mechanism.

International Data Transfers

8.1. We operate globally from the United Arab Emirates. Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including outside the European Economic Area (EEA), the United Kingdom, and the UAE.

8.2. Where we transfer personal data internationally, we implement appropriate safeguards to ensure an adequate level of protection, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK International Data Transfer Agreement / Addendum where relevant);
  • Transfers to jurisdictions recognised as providing adequate protection;
  • Contractual, technical, and organisational measures consistent with the UAE PDPL and DIFC Data Protection Law requirements for cross-border transfers; and
  • Your explicit consent, where applicable.

8.3. As a controller established in the UAE processing data globally, we apply protections designed to meet the highest applicable standard among the GDPR, CCPA/CPRA, and PDPL frameworks. You may request information about the specific safeguards applied by contacting privacy@nexray.co.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. When data is no longer needed, we securely delete or anonymise it.

Data Security

We implement appropriate technical and organisational measures, including encryption in transit, access controls, and secure hosting, to protect personal data against unauthorised access, loss, or misuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Rights

Under GDPR / DIFC Law / PDPL

  • Right of access to your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing, including direct marketing.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a supervisory authority (e.g., your local EU/EEA Data Protection Authority, the UK ICO, the UAE Data Office, or the DIFC Commissioner of Data Protection).

Under CCPA / CPRA (California residents)

  • Right to know what personal information is collected, used, and disclosed.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information.
  • Right to non-discrimination for exercising your rights.

To exercise any right, contact privacy@nexray.co. We will respond within the timeframes required by applicable law and may need to verify your identity first. You may use an authorised agent where permitted.

Children’s Privacy

Our Services are B2B and not directed to children under the age of 16 (or the applicable age in your jurisdiction), and we do not knowingly collect their personal data.

Cookies

Our website uses cookies and similar technologies. Please see our Cookie Policy for details and how to manage your preferences.

Changes to This Policy

We may update this Policy from time to time. The “Last updated” date indicates the latest revision. Material changes will be communicated through our website or by email.

Contact Us

NEXRAY & CO, privacy@nexray.co