<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NCZ6VF9D"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->

Privacy Policy

Effective date: 15 June 2026

1. Who we are

1.1. This Privacy Policy explains how TREVEX Technology Limited (“TREVEX”, “we”, “our”, “us”) collects, uses, shares, and protects personal data. TREVEX is a company registered in the Dubai International Financial Centre (“DIFC”) under registration number 5069, with its registered office at Unit GA-00-SZ-L1-RT-201, Level 1, Gate Avenue, South Zone, Dubai International Financial Centre, Dubai, United Arab Emirates. We are the controller of the personal data described in this policy.

1.2. TREVEX operates the UAE Business Directory: a directory where every UAE business has a profile, and where businesses can claim their profile, become a Member, and complete Verification, alongside related products such as Credit Reports, Payment Endorsements, Business Matching, referrals, and trade services. This policy covers the website at trevex.io. The directory application at app.trevex.io is covered by its own data and processing notice.

1.3. TREVEX is registered in the DIFC. It is not regulated by the Dubai Financial Services Authority, and the directory is not a regulated financial service.

2. The law that applies

2.1. As a company incorporated in the DIFC, we are subject to the DIFC Data Protection Law No. 5 of 2020, as amended (the “DIFC DPL”). Under Article 6 of the DIFC DPL, the law applies to our processing of personal data wherever that processing takes place.

2.2. Because the directory covers businesses and individuals across the United Arab Emirates, we also act consistently with the UAE Federal Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) (“PDPL”) in respect of data subjects in the wider UAE. Where we offer services to, or monitor, individuals in the European Economic Area, we also apply the EU General Data Protection Regulation (“GDPR”).

2.3. We apply the highest standard common to these laws. Where they conflict in respect of processing within the scope of the DIFC DPL, the DIFC DPL governs and the DIFC Courts have jurisdiction. This does not remove any mandatory right or remedy available to you under the law that applies to you as a data subject.

3. Who this policy is for

3.1. The website and the directory are intended for businesses and for individuals acting in a business capacity. They are not intended for anyone under the age of 18, and we ask that individuals under 18 do not provide personal data to us.

4. The data we collect

4.1. Business information. Information about businesses, including registered name, trade licence, registration details, ownership and management, sector, address, contact details, and trade activity. Much of this is information about a company rather than an individual.

4.2. Personal data. Information that identifies or can identify an individual, such as the name, role, business contact details, and identification information of the directors, shareholders, managers, signatories, and contacts connected to a business, and of the people who use the website. For a corporate entity, the information we hold includes its business records and related documents, such as constitutional documents, certificates of incorporation, trade licences, and financial statements.

4.3. Data you provide. Information you give us when you claim a business, become a Member, complete Verification, request a product, complete a form, subscribe, or contact us.

4.4. Data from third parties. We compile business information from third-party sources, including our data provider WorldBox, from public registries and authorities, and from conferences, events, introductions, and selected business-information providers. This is how a business can appear on the directory before it has engaged with us.

4.5. Data generated by use. Information created as you use the directory, such as Payment Endorsements, report requests, search and activity data, and the monitoring and analytics data described in clause 9.

5. How we use data, and our lawful basis

5.1. We process personal data only where the DIFC DPL (Article 10), and the PDPL and GDPR where they apply, give us a lawful basis. We rely on the following bases for the following purposes:

5.2. To provide the directory and our products (creating and managing your profile and account, Verification, Credit Reports, Payment Endorsements, Business Matching, referrals, and related services). Basis: performance of a contract with you, and our legitimate interests in operating the directory.

5.3. To compile and maintain the directory, including publishing business profiles and keeping them current. Basis: our legitimate interests in a complete and reliable UAE business directory, and the public and commercial interest in business information. See clause 6.

5.4. To verify identity and prevent fraud and financial crime, including Verification of a business and, where we offer them, identity and compliance checks. Basis: compliance with our legal obligations, and our legitimate interests in a trustworthy platform.

5.5. To produce analytics, insights, benchmarks, and aggregated and derivative data products (clause 7), and to improve and develop our products. Basis: our legitimate interests.

5.6. To market our products and those of our partners, and to share data with partners who can offer you finance, banking, insurance, or related services. Basis: your consent where required, and our legitimate interests for our own existing-customer marketing. You can withdraw consent or object at any time (clause 14).

5.7. To communicate with you about your account, changes to our terms or services, and other administrative matters. Basis: performance of a contract and our legitimate interests. You cannot opt out of essential service communications while you hold an account.

5.8. To comply with law and to establish, exercise, or defend legal claims, and to protect the security of our systems and data. Basis: legal obligation and legitimate interests.

6. Business profiles for businesses that have not engaged with us

6.1. Every UAE business can appear on the directory as a profile before it has claimed it, compiled from the third-party and public sources in clause 4.4. A buyer may also request a profile of a business that has not claimed it.

6.2. Where a profile includes personal data of the individuals connected to a business, we process that personal data on the basis of our legitimate interests in maintaining a complete and reliable directory and enabling commerce, balanced against the rights of those individuals. We limit the personal data in a profile to business-role and business-contact information that is proportionate to that purpose, and we do not publish special-category or private personal data on this basis.

6.3. You have the right to object to this processing and to ask us to correct or remove personal data. See clause 14. We tell you the source of the data on request.

7. Aggregated and derivative data

7.1. We create, use, license, and sell aggregated, de-identified, statistical, and derivative datasets, insights, benchmarks, and analytics derived from data on the platform. These outputs are aggregated or anonymised so that individuals are not identifiable, and they are the intellectual property of TREVEX.

7.2. Because this data does not identify individuals, it is not personal data, and we may use it for any lawful purpose, including developing and commercialising products.

8. Consent

8.1. Where we rely on your consent, you give it by a clear affirmative act, and you can withdraw it at any time. Withdrawing consent is as easy as giving it and does not affect processing carried out before you withdrew. Where consent is required for separate purposes, such as marketing and sharing with partners, you can give or withhold it for each separately.

9. Cookies, monitoring, and tracking

9.1. We use cookies and similar technologies (including pixels, tags, and analytics tools) to operate the website, understand how it is used, and improve and market our services. We ask for your consent for non-essential cookies. You can manage cookies through your browser, though some features may not work without them.

9.2. We also collect monitoring data such as device, browser, and usage information. Unless combined with personal data, this does not identify you and we may use it for any purpose.

10. Who we share data with

10.1. Service providers (processors) who process data on our instructions, such as hosting providers, payment providers, analytics providers, and, where we offer identity-verification and compliance checks, our verification and compliance partners. We put legally binding written agreements in place with these providers, containing the controls required by Article 24 of the DIFC DPL.

10.2. Partners (separate controllers) such as banks, finance providers, and insurers to whom we refer you, where you have consented to that sharing. Once a partner receives your data as a controller, its own privacy terms apply.

10.3. Group companies and acquirers, including a party that may acquire or take over some or all of our business, in connection with a corporate transaction.

10.4. Public authorities. We disclose personal data to a public authority, including authorities outside the DIFC, only after we have satisfied ourselves that the request is valid and proportionate, in line with Article 28 of the DIFC DPL.

11. International transfers

11.1. We may transfer personal data outside the DIFC and the UAE to our service providers, partners, and group companies. Today this includes a transfer to Switzerland, where our directory-data provider WorldBox is based. As we add partners and providers, including finance and insurance partners in the European Union and elsewhere, personal data may be transferred to the countries in which they operate.

11.2. We make every such transfer only where the destination provides an adequate level of protection, or where appropriate safeguards, such as standard contractual clauses, are in place. Where we share data with a requesting authority outside the DIFC, we apply the validity-and-proportionality assessment under Article 28(2) of the DIFC DPL.

12. How long we keep data

12.1. We keep personal data only as long as we need it for the purposes in this policy, or as the law requires.

12.2. We keep your account and profile data while your account is active, and for 24 months after it becomes inactive or is closed, after which we anonymise or securely delete it.

12.3. Records we are required to keep by law, including tax, accounting, and any verification or anti-money-laundering records from identity checks, are kept for the period required by applicable law, then deleted. These periods override the 24-month period in clause 12.2 for those specific records.

12.4. Your business may remain on the directory as a Listing on the legitimate-interests basis in clause 6 even after an account is closed, subject to your right to object. We may also retain aggregated and derivative data that no longer identifies you.

13. How we keep data secure

13.1. We have appropriate technical and organisational measures to protect personal data from loss, misuse, and unauthorised access, and we limit access to those who need it. TREVEX is certified to ISO/IEC 27001, and we are working toward SOC 2 Type II.

13.2. We have procedures for suspected personal data breaches. Where the DIFC DPL requires it, we notify the Commissioner of Data Protection under Article 41, and affected individuals under Article 42, and we notify other regulators where the PDPL or GDPR require.

14. Your rights

14.1. You have the right to access your personal data, to have it corrected or erased, to restrict or object to our processing, to data portability, and to withdraw consent. You also have the right not to be discriminated against for exercising these rights.

14.2. To exercise any of these rights, contact us using the details in clause 16. Please give us enough information to identify you and tell us which right you want to exercise.

14.3. If you are unhappy with how we handle your data, you can complain to the DIFC Commissioner of Data Protection. Under the DIFC DPL (Article 64A), you may also apply directly to the DIFC Courts if a contravention causes you damage, including financial loss or distress. If the PDPL or GDPR applies to you, you keep the rights and remedies they give you, including complaint to the relevant authority.

15. Changes to this policy

15.1. We may update this policy from time to time. When we make significant changes, in particular changes to how we use personal data, we will take steps to inform you, for example by a prominent notice on the website or by email, and we will obtain fresh consent where the law requires it.

16. Contact us

16.1. For any question about this policy or your data, or to exercise a right, contact:

TREVEX Technology Limited

DIFC Innovation One, Office 209, Trade Centre 2, Dubai, United Arab Emirates

Privacy contact: support@trevex.io

Phone: +9714 401 9456

Copyright @ 2023 - 2026 TREVEX Technology Limited
Privacy Policy
Terms & Conditions