Privacy Policy
Effective February 1, 2026
ARTICLE 1 – PREAMBLE
This Privacy Policy aims to inform users (“Users”) and customers (“Customers”) of the website https://www.aryatrading.com/ (the “Site”) and, where applicable, the ARYA application and/or platform (the “Platform”), about how their personal data may be collected and processed, in accordance with applicable data protection regulations.
It is established in particular with regard to:
• Regulation (EU) 2016/679 of April 27, 2016 on the protection of personal data (GDPR), for Users/Customers located in the European Union;
• Federal Decree-Law No. 45/2021 on the protection of personal data of the United Arab Emirates;
• As well as, where applicable, other local laws depending on the User's/Customer's place of residence.
The Site and the Platform allow, in particular, the creation of an account, subscription to Services, access to digital content and tools, and, depending on the offers, access to technical services (software, virtual servers, etc.).
This Policy supplements the Legal Notices, the General Terms and Conditions of Use (GTC), the General Terms and Conditions of Sale (GTC), and the Cookie Policy, which are accessible at any time on the Site.
ARTICLE 2 – DATA CONTROLLER
The processing of personal data implemented in connection with the operation of the Website and the Platform is carried out under the responsibility of:
GREENBULL TECHNOLOGY FZCO, a company incorporated under the laws of the United Arab Emirates, and specifically under the authority of the DMCC Free Zone, with a share capital of AED 100,000, whose registered office is located at Office 3004-3009, 30th Floor, Platinum Tower, Jumeirah Lakes Towers, Dubai, United Arab Emirates, holder of license no. DMCC-747038 issued by the Dubai Multicommodities Center (hereinafter “Greenbull” or the “Data Controller”).
Telephone: +33 7 57 94 70 35
Email:
[email protected]ARTICLE 3 - SCOPE OF DATA PROCESSING CARRIED OUT VIA THE WEBSITE AND PLATFORM
3.1 Account Creation and Access to Services
The Website and/or the Platform allows the creation of a user account (the “Account”) and access to Services (software, tools, digital content, training, support, and, depending on the offer, virtual servers, etc.).
To this end, the Data Controller processes the personal data necessary for:
• Account creation and management;
• Order, payment, and subscription management;
• Service provision and support;
• Platform security and fraud prevention.
3.2 Data Processed During Browsing
When browsing the Site, the Data Controller may also process personal data, including:
• Technical data (IP address, logs, browser type, technical identifiers);
• Audience data (via cookies/trackers, subject to consent);
• Data voluntarily submitted via forms (contact, support).
3.3 Partner Platforms and Third-Party Providers
Some functionalities may involve third-party providers (hosting, payment, support tools, analytics, server providers, etc.). These providers generally act as data processors of the Data Controller, unless otherwise stated (e.g., if a partner processes data for its own purposes, it may be a separate data controller).
The User/Customer is encouraged to consult the privacy policies of these third parties where applicable.
• Technical data (IP address, logs, browser type, technical identifiers);
• Audience data (via cookies/trackers, subject to consent);
• Data submitted voluntarily via forms (contact, support).
ARTICLE 4 – CATEGORIES OF DATA PROCESSED AND PURPOSES
In the context of operating the Website and the Platform, the Data Controller processes personal data exclusively for the purposes described below.
4.1 Data processed directly by the Data Controller
Important: bank card data is not stored in plain text by the Data Controller; it is processed by a secure payment provider.
4.2 Data Retention Periods
Personal data is retained for no longer than is strictly necessary to fulfill the purposes for which it was collected.
The applicable retention periods are detailed in Article 7 of this Policy.
ARTICLE 5 – RECIPIENTS OF PERSONAL DATA
Personal data processed via the Website and the Platform is intended exclusively for:
• The Data Controller's strictly authorized internal departments;
• Technical service providers acting as data processors (hosting, maintenance, payment processing, support, email marketing/CRM, analytics, etc.);
• Where applicable, affiliated companies of the group, when necessary for the performance of the Services and in compliance with applicable regulations.
The Data Controller does not sell personal data.Data is not used for advertising/marketing purposes when consent is required and has not been given.
Payment Provider: Payments made on the Site are processed by Stripe Payments Europe Ltd and/or its affiliated entities (hereinafter “Stripe”), acting as a payment service provider.Regarding payment processing:
• Credit card and payment method data are collected and processed directly by Stripe;
• The Data Controller does not store full credit card numbers;
• Only the information necessary for order management (payment status, transaction ID, partially masked information) may be transmitted to the Data Controller.
Stripe acts as a data processor for payment operations and may, depending on its own organization, process certain data outside the European Union.
When User data located in the European Union is transferred outside the EU, these transfers are governed by appropriate safeguards in accordance with the GDPR, including the implementation of Standard Contractual Clauses (SCCs).
Users are invited to consult Stripe's privacy policy for more information on the processing of their data: https://stripe.com/privacy
ARTICLE 6 – INTERNATIONALDATA TRANSFERS
Given:
• The location of the Data Controller in the United Arab Emirates;
• The use of international technical service providers (hosting, payment, SaaS tools);
Personal data may be transferred and processed outside the User's/Customer's country of residence, including outside the European Union.
When data of Users located in the European Union is transferred to a third country that does not have an adequacy decision from the European Commission, these transfers are governed in accordance with Articles 44 et seq. of the GDPR, in particular by:
• The conclusion of Standard Contractual Clauses (SCCs);
• The implementation of additional technical and organizational measures where necessary (encryption, access restriction, pseudonymization). The User can obtain further information on these guarantees by contacting the Data Controller.
ARTICLE 7 – DATA RETENTION PERIOD
Personal data collected and processed via the Website and the ARYA Platform is retained for a period not exceeding that strictly necessary for the purposes for which it was collected.
Unless otherwise required by law or regulation, the retention periods applied are as follows:
• Data relating to the Customer Account: retained for the duration of the Account's use, then for 3 years from the last activity.
• Contractual and billing data (orders, invoices, proof of payment): retained for 10 years, in accordance with applicable legal and accounting obligations.
• Data relating to customer support (emails, tickets, exchanges): retained for 3 years from the last exchange.
• Marketing/sales prospecting data: retained for 3 years from the last active contact with the User/Customer.
• Technical data and security logs: retained for a maximum of 12 months.
• Cookies and trackers: retained in accordance with the Cookie Policy, within the generally applicable maximum limit of 13 months for non-essential cookies.
After these periods, the data is deleted or anonymized, unless otherwise required by law or necessary for the establishment, exercise, or defense of legal claims.
ARTICLE 8 – DATA HOSTING
The website https://www.aryatrading.com is hosted by:
Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, United States
Certain data relating to the ARYA Platform may be hosted by specialized cloud infrastructure or virtual private server (VPS) providers located in the European Union
ARTICLE 9 – USER RIGHTS
In accordance with applicable regulations, and in particular the GDPR where applicable, all Users/Clients have the following rights:
• Right of access;
• Right to rectification;
• Right to erasure;
• Right to restriction of processing;
• Right to object;
• Right to data portability;
• Right to withdraw consent at any time when processing is based on consent.
Requests can be sent to: 📩
[email protected] The Data Controller will respond within one (1) month of receiving the request, unless there is particular complexity.
In case of reasonable doubt about the identity of the requester, identity verification may be requested.
ARTICLE 10 – COMPLAINTS
The User/Client may:
• Send a request directly to the Data Controller;
• Contact the competent data protection authority:
o For Users located in the European Union: the supervisory authority of their country of residence (e.g., the CNIL in France);
o For Users located in the United Arab Emirates: the competent data protection authority.
ARTICLE 11 – POLICY UPDATES
This Privacy Policy may be modified at any time to reflect legal, regulatory, technical, or organizational developments.
The applicable version is the one published on the Website on the date of consultation.In the event of a substantial modification, Users/Customers may be informed by any appropriate means.
ARTICLE 12 – SECURITY AND CONFIDENTIALITY
The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:
• Strict control of data access;
• Password encryption;
• Securing infrastructure and servers;
• Regular security audits and updates;
• Contractual framework for service providers.
However, the User/Client is informed that no data transmission via the Internet can be guaranteed to be completely secure.
