Data Privacy & Security Policy
Last updated  18 April 2025

1  |  Who we are

This Website ( “Site” ) is operated by BOTH FZ LLC (“both®”, “we”, “our”, “us”), a company registered in Dubai, United Arab Emirates, P.O. Box 487177.
Email: studio@both.works | Tel: +971 50 528 BOTH citeturn1view0

2  |  Scope of this Policy

This Policy describes how we collect, use, store, share and secure information when you:

• browse both.works and any sub‑pages;

• interact with embedded content (e.g., videos, social‑media plugins);

• communicate with us by email, phone, contact forms or chat; and

• receive marketing or service messages from us.

It applies to visitors worldwide. Where local laws grant you stronger rights, we honour those rights.

 

********************Prohibited Uses – Generative AI and Automated Scraping
No person or entity may (a) copy, scrape, harvest, or otherwise collect any text, images, audiovisual content, metadata, or code from this Site by automated means; (b) use any portion of this Site or its derivatives to train, fine‑tune, validate, or operate machine‑learning or generative‑AI models; or (c) resell, republish, or provide our content as part of any data product or AI service, without our prior written consent. Accessing or using this Site constitutes acceptance of these terms********************

​

3  |  Personal data we collect

CategoryExamplesSource

Identifiersname, postal address, email, phone, companyyou (contact forms, e‑mail)

Usage dataIP address, browser, device, time‑stamp, referrer URLsautomated tracking & cookies

Marketing preferencesnewsletter opt‑in/out, event registrationsyou

Media submissionsany text, images, audio or video you voluntarily provideyou

Cookies & similar technologies (Google Tag Manager, Analytics) store small text files on your device to measure traffic and improve experience. You may disable cookies in your browser; some features may not work. citeturn1view0

4  |  Legal bases for processing

PurposePrimary legal basis

Providing and securing the SiteLegitimate interests (EU GDPR Art 6(1)(f)); UAE PDPL Art 4 (“business purposes”) citeturn2search0turn4search0

Answering enquiries & performing contractsContract performance (Art 6(1)(b))

Marketing with your consentConsent (Art 6(1)(a)); right to withdraw at any time citeturn2search7

Compliance with laws & defence of claimsLegal obligation (Art 6(1)(c))

For California residents we rely on “business purpose” processing under the CCPA/CPRA. We do not sell or share your data for cross‑context behavioural advertising. citeturn3search0

5  |  How we use data

• operate, maintain and secure the Site;

• respond to enquiries and deliver projects;

• improve content, UX and performance analytics;

• send marketing updates you request or consent to;

• comply with legal requirements and enforce our terms.

6  |  Sharing & international transfers

We share information only with:

• Service providers (hosting, cloud storage, analytics, email, payment gateways) bound by confidentiality agreements;

• Professional advisers (lawyers, accountants, auditors) under obligation of secrecy;

• Authorities or courts when required by applicable law.

Servers may reside outside your country (including the UAE, EU or US). Where required, we use EU Standard Contractual Clauses or equivalent safeguards to protect cross‑border transfers (GDPR Art 46). citeturn2search3

7  |  Data retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above or to meet legal, accounting or reporting obligations. Back‑ups are purged on a rolling 90‑day cycle unless litigation holds apply.

8  |  Security measures

• ISO‑grade encrypted transit (TLS 1.3) and at‑rest encryption;

• Role‑based access controls with MFA;

• Annual penetration tests and continuous vulnerability scans;

• Logging and anomaly detection on all production systems.

Although we follow industry best practice, no online transmission is 100 % secure.

9  |  Your rights

JurisdictionRights summary

EU/EEA & UK (GDPR)access, rectification, erasure, restriction, portability, objection, withdraw consent, lodge complaint with supervisory authority (Arts 12‑23) citeturn2search3

United Arab Emirates (PDPL)access, correction, erasure, processing restriction/stop, portability, complaint to UAE Data Office citeturn4search0

California (CCPA/CPRA)know, delete, correct, opt‑out of sale/sharing, limit use of sensitive data, non‑discrimination citeturn3search0

To exercise any right, email privacy@both.works or write to the address in § 1. We will respond within the timeframe required by applicable law (GDPR: 1 month; CCPA: 45 days; PDPL: 30 days).

10  |  Automated decision‑making

We do not use automated profiling or decisions that have legal or similar significant effects on you (GDPR Art 22).

11  |  Children

The Site is not directed to children under 18. We do not knowingly process their personal data. If you believe a minor has provided information, contact us and we will delete it promptly.

12  |  Third‑party links

Our pages contain links to third‑party sites (e.g., YouTube, social networks). We are not responsible for their privacy practices; please review their policies before sharing data.

13  |  Changes to this Policy

We may update this Policy periodically. Material changes will be announced on this page and, where appropriate, via email. The “Last updated” date above tells you when it was last revised.

14  |  Contact & complaints

Questions, requests or complaints?
Email: privacy@both.works
Postal: BOTH FZ LLC, Al Bahar Offices, Burj Khalifa District, P.O. Box 487177, Dubai UAE
If you are in the EU/EEA, you may also contact your local data‑protection authority.

Thank you for trusting both® with your information.