Privacy Policy

The controller responsible for data processing on this website is: Jennefer Rahman Heusenstammer Weg 69 63071 Offenbach am Main Germany Email: info@staff-dubai.com

We collect and process the following personal data: For Talent: — Username and email address — Password (stored as bcrypt hash, never in plain text) — Role, nationality, availability, bio For Employers: — Company name and email address — Password (stored as bcrypt hash) — Stripe customer ID and subscription status Technical data (automatically collected): — IP address (processed by Vercel infrastructure) — Browser type and version — Date and time of access

We process your data on the following legal bases under GDPR: — Art. 6(1)(b) GDPR: Performance of a contract (account creation, platform usage) — Art. 6(1)(c) GDPR: Compliance with a legal obligation — Art. 6(1)(f) GDPR: Legitimate interests (platform security, fraud prevention) — Art. 6(1)(a) GDPR: Consent, where explicitly given

We use your data exclusively for the following purposes: — Creating and managing your account — Enabling employers to discover talent profiles — Sending offers between employers and talent — Processing subscription payments (employers only) — Sending transactional emails (welcome, offer notifications) — Maintaining platform security and preventing abuse — Complying with legal obligations

We share your data only with the following trusted service providers: Supabase (Database & Authentication) Purpose: Secure storage of user data and authentication supabase.com/privacy Stripe (Payment Processing) Purpose: Processing employer subscription payments stripe.com/privacy Vercel (Hosting & Infrastructure) Purpose: Website hosting and deployment vercel.com/legal/privacy-policy Resend (Transactional Email) Purpose: Sending transactional emails resend.com/privacy We do not sell, rent, or trade your personal data to any third parties for marketing purposes.

Some of our service providers are based in the United States. Data transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission.

— Active accounts: Data retained for the duration of the account — Deleted accounts: Data deleted within 30 days — Payment records: Retained for 10 years as required by German tax law (§ 147 AO) — Offer and message history: Deleted upon account deletion

As a data subject, you have the following rights: — Art. 15: Right of access — Art. 16: Right to rectification — Art. 17: Right to erasure — Art. 18: Right to restriction of processing — Art. 20: Right to data portability — Art. 21: Right to object — Art. 77: Right to lodge a complaint To exercise any of these rights, contact: info@staff-dubai.com Supervisory authority in Germany: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

— All passwords are stored as bcrypt hashes — All data is transmitted via HTTPS/TLS encryption — Database access restricted via Supabase Row Level Security (RLS) — Payment data handled entirely by Stripe — never stored on our servers

StaffDubai uses minimal cookies: — Session cookies: Required for authentication (Supabase Auth) — No advertising cookies — No third-party tracking pixels — No Google Analytics or similar tracking tools

StaffDubai is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Contact info@staff-dubai.com if you believe a child has provided personal data.

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email.

For any privacy-related questions: Jennefer Rahman Email: info@staff-dubai.com Website: staffdubai.com