Privacy Policy

The controller responsible for data processing on this website is: Jennefer Rahman Heusenstammer Weg 69 63071 Offenbach am Main Germany Email: info@staff-dubai.com

We collect and process the following personal data: For Talent: — Username and email address — Password (stored as bcrypt hash, never in plain text) — Role, nationality, availability, bio — Optional: phone number, Instagram handle, Facebook handle For Employers: — Company name and email address — Password (stored as bcrypt hash) — Stripe customer ID and subscription status — Optional: Instagram handle, Facebook handle Technical data (automatically collected): — IP address (processed by Vercel infrastructure) — Browser type and version — Date and time of access Important note regarding Talent profiles: Talent profiles are displayed to subscribed Employers in an anonymised form by default. The Talent's real name and personal contact details are only disclosed to an Employer after the Talent explicitly accepts the Employer's offer. Prior to acceptance, Employers can only see professional profile data (role, experience, availability, nationality, languages, bio) and not the Talent's identity.

We process your data on the following legal bases under GDPR: — Art. 6(1)(b) GDPR: Performance of a contract (account creation, platform usage) — Art. 6(1)(c) GDPR: Compliance with a legal obligation — Art. 6(1)(f) GDPR: Legitimate interests (platform security, fraud prevention) — Art. 6(1)(a) GDPR: Consent, where explicitly given

We use your data exclusively for the following purposes: — Creating and managing your account — Enabling employers to discover talent profiles in anonymised form — Revealing Talent identity to Employers only upon the Talent's explicit acceptance of an offer — Sending offers between employers and talent — Processing subscription payments (employers only) — Sending transactional emails (welcome, offer notifications) — Maintaining platform security and preventing abuse — Complying with legal obligations

We share your data only with the following trusted service providers: Supabase (Database & Authentication) Purpose: Secure storage of user data and authentication supabase.com/privacy Stripe (Payment Processing) Purpose: Processing employer subscription payments stripe.com/privacy Vercel (Hosting & Infrastructure) Purpose: Website hosting and deployment vercel.com/legal/privacy-policy Resend (Transactional Email) Purpose: Sending transactional emails resend.com/privacy We do not sell, rent, or trade your personal data to any third parties for marketing purposes.

Some of our service providers are based in the United States. Data transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission.

— Active accounts: Data retained for the duration of the account — Deleted accounts: Data deleted within 30 days — Payment records: Retained for 10 years as required by German tax law (§ 147 AO) — Offer and message history: Deleted upon account deletion

As a data subject, you have the following rights: — Art. 15: Right of access — Art. 16: Right to rectification — Art. 17: Right to erasure — Art. 18: Right to restriction of processing — Art. 20: Right to data portability — Art. 21: Right to object — Art. 77: Right to lodge a complaint To exercise any of these rights, contact: info@staff-dubai.com Supervisory authority in Germany: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

— All passwords are stored as bcrypt hashes — All data is transmitted via HTTPS/TLS encryption — Database access restricted via Supabase Row Level Security (RLS) — Payment data handled entirely by Stripe — never stored on our servers

StaffDubai uses minimal cookies: — Session cookies: Required for authentication (Supabase Auth) — No advertising cookies — No third-party tracking pixels — No Google Analytics or similar tracking tools

StaffDubai is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Contact info@staff-dubai.com if you believe a child has provided personal data.

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email.

StaffDubai provides a built-in anonymity feature for Talent users. By default, your real name and personal contact details are not visible to Employers browsing the platform. Your identity is only disclosed when you personally and explicitly accept an offer from an Employer. However, Talent should be aware of the following: — Your professional profile data (role, experience, nationality, availability, languages, bio) is visible to all subscribed Employers in anonymised form. — StaffDubai cannot guarantee absolute anonymity against all possible identification methods. In rare cases, a combination of publicly available data and profile details could allow a third party to identify you. — StaffDubai is not responsible for any consequences arising from a Talent being identified or from any Employer recognising a Talent based on profile information. — Talent are solely responsible for deciding what information to include in their profile. We recommend that Talent exercise their own judgement regarding the level of detail included in their bio and profile.

For any privacy-related questions: Jennefer Rahman Email: info@staff-dubai.com Website: staffdubai.com