Last updated: 8 April, 2024
Bashta (“Company” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our website (“Website”).
The Privacy Notice describes which of your personal data Website, how stores, processes, and uses it, and what happens when you use the Website.
We are the controller of your personal data processed through the Website / App. This means that we determine the purposes and means of personal data processing.
| Name | Bashta | ||
| Address | Boulevard Plaza, Tower 2 Office 2402 Sheikh Mohammed bin Rashid Boulevard Downtown Dubai, PO Box: 334155 Dubai | ||
| [email protected] – for general and privacy inquiries | |||
When you visit the Website, you become our user (“User”).
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
| Type of User | Description | ||
| Support Requester | User who fills out the “Support” form on the Support topic on the Website / App | ||
| Potential Client | User who fills out the “Contact us” form on the Website / App | ||
| Feedback Provider | User who fills out the form to provide feedback on the Website / App | ||
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or the legal representative of such a User, please contact us. | |||
We receive your data when you visit the Website and interact with it, depending on your actions on the Website.
You can change your personal data by exercising your right to rectification or by the Website functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
To process your personal data, we rely on the following lawful bases:
If we collect personal data on the basis of legitimate interest or performance of the contract, we can use it for another purpose after checking that the new purpose is compatible with the original purpose.
When your data processing is based on a legal obligation or performance of the contract, you are obliged to provide your personal data. We need this data to comply with legal requirements or to properly provide you with our services. The failure to provide such data may have negative consequences, such as tax liability, inability to enter into a contract or provide services to you, etc.
When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimise performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.
Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.
| Data | Reasons for processing | Lawful basis |
| Information about the сoarse location (IP address, country) | The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the Website | Legitimate interest |
| Technical device information and network information (including IP address, HTTP user agent, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks) | ||
| Data storage | ||
| We store the data for 3 years from its collection | ||
We also need cookies to operate, support, and improve the Website’s functionality.
| Data | Description | Reasons for processing | Lawful basis |
| Ncessary cookies | Information that is necessary for the operation of the Website | Improving your experience of using the Website | Performance of the contract |
| Marketing cookies | Marketing information used to match relevant advertising to you | Marketing | Consent |
| Preference cookies | Information necessary for operating some services on the Website | The operation of some services on the Website | Consent |
| Statistics cookies | Statistical data used to understand how you interact with the Website | Improvement of the Website and analysis of the statistic for other purposese | Consent |
| Data storage | |||
| Cookies | Stored during the expiry period provided in our Cookie Policy. | ||
When we collect the personal data:
| Data | Reasons for processing | Lawful basis |
| Name | We need this data in order to understand the context of our future communication and to get into precontractual agreements. | Performance of the contract |
| Position | ||
| Company data | ||
| Additional data (provided by User) | ||
| KYC data | Verify you as a user | Legal obligation |
| Data storage | ||
| Based on legal obligation. | Stored for 6 years. | |
| Based on performance of the contract. | Stored for 3 years from last interaction with us. | |
When we collect the personal data:
| Data | Reasons for processing | Lawful basis |
| Common data | Name, email | |
| Verification data | Complete privacy or other legal requests | Legal obligation |
| Type and context of request | ||
| Logs | Help with the service | Performance of the contract |
| Attachments | ||
| Attachments | other | Legitimate interest / performance of the contract |
| Data storage | ||
| Based on legal obligation. | Stored for 6 years. | |
| Based on performance of the contract. | Stored for 3 years from last interaction with us. | |
When we collect the personal data:
| Data | Reasons for processing | Lawful basis |
| Name | Marketing activities | Consent |
| Data storage | ||
| Data that is processed based on consent. | Stored for 2 years from collection, if you do not withdraw consent. | |
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organisational and technical measures to ensure the security of personal data during data transfer to third-party.
| Third parties | Description |
| Analytics tools | We use analytics tools to understand and promote our business. |
| Payment services | We use payment services to process your payments and other transactions. |
| Social networks | We use various social networks to spread information about our activities. |
| Messengers | We use messengers to communicate with you in ways that are convenient for you. |
| Data storage services | We use various cloud services that allow us to securely store data on remote servers. |
| Contractors, services providers on Website / App | We cooperate with service providers and contractors to provide you with their services, operate, develop and improve the features and functionality of the Website / App, fulfill your support requests, complete payment transactions, etс. |
| Providers of the services our team use | We use CRM systems, messengers, and other services in our organisation to provide you with our services. |
| State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
|
| To get a detailed list of the third-party recipients of your personal data, contact us. | |
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
The personal data we collect is stored in ______.
We may share personal data with the recipients of other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation.
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
We are regularly certified by ISO 27001 Standard.
We apply a variety of security measures appropriate to the possible risks.
| Organisational measures | |
| Staff training | Internal policies and instructions |
| Non-disclosure agreements (NDA) | Transfer protection |
| Access control mechanism | |
| Physical measures | |
| Video monitoring | Signalling |
| Limited access to premises | Round the clock security |
| Technical measures | |
| Two-factor authentication | Backups |
| Firewalls | Encryption of data |
| Implementation of HTTPS | End-to-end encryption |
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
| Right | Description |
| Right to access | You can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data in cases provided by law. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data that is collected on the base of legitimate interest. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
| For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
| Right | Description |
| Right to access | You can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| To exercise your rights, contact us. | |
We use cookies that are needed for the Website’s operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Policy.
If you want to turn off cookies, you can find instructions for managing your browser settings at these links:
This Privacy Notice is developed according to the General Data Protection Regulation, other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the Website / App.
If there are material changes to the Privacy Notice or the Website that affect your data privacy rights, we will notify you by displaying information on the Website and, if necessary, ask for your consent.