Privacy Policy
Introduction
This is the Privacy Policy ("Privacy Policy") for the website hosted at www.comfi.ai ("Website"). The Website is operated by or on behalf of Comfi L.L.C-FZ as Comfi ("Comfi", "we", "us" and "our"). This Privacy Policy applies to individuals and companies using our services and our Website ("you" and "your").
Comfi’s operations, data collection, and information usage and protection practices are designed to align with the laws and regulations of the United Arab Emirates. Our commitment to legal compliance ensures that your data is handled with the utmost care and in accordance with applicable laws.
This Privacy Policy sets out:
i. What information do we collect about you?
ii. How do we use your information?
iii. Who do we share your information with?
iv. Where do we store your information?
v. What about payment processing?
vi. How do we protect your information?
vii. How long do we keep your information?
viii. Changes to the Privacy Policy
ix. Contact Us
Please read the following carefully to understand our views and practices regarding your personal and/or business data and how we will treat it.
By using our services you acknowledge you have read and understood our Privacy Policy.
1. What information do we collect about you?
1.1 We will collect and use the following categories of personal and/or business data from you, from other organisations, and automatically via our Website—for example, when you fill in application forms on our Website. In the next section, we explain what we do with each category.
1.2 Comfi does not access, collect, or store your payment information. We use a payment processor to manage this for us.
1.3 You provide us with the following categories of information about you or your company
This is the information about you and your company that you give us, usually via our Website, phone, e-mail, in writing, or otherwise. It includes information you provide when you register to use our Website, subscribe to our service, pay for an installment, submit a query, or report a problem with our Website.
i. Identity: Company name, trade license number, and corporate registration details;
ii. Contact: Business address, corporate email, contact number, authorized representative’s name, designation, and contact details;
iii. Communications: Records of any correspondence and communications if you contact us, including information you supply if you report a problem with our Website. This covers information we learn about you and your company from:
- Emails
- Letters
- Phone calls and voicemails
- Texts & other digital messaging apps
- Online chat and support tickets
iv. Financial: Your connected bank account statement and/or connected accounting software statement (if you give us an appropriate authorisation);
v. Marketing: You may also provide us with your company’s direct marketing preferences, like whether you would like to receive email or text updates from us.
1.4 Information we receive from other sources
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment, advertising networks, analytics providers, and search information providers). We may receive information about you from other organisations, including:
i. Credit: Credit score and insolvency information, from our third-party credit score providers;
ii. Identity & Business Verification: We may use third-party services to verify your company’s identity, business status, or financial standing. As part of this process, you may be required to provide relevant business credentials, such as company registration details, tax identification numbers, or authentication through a trusted verification provider. Your use of these services is subject to the respective provider’s terms and privacy policy;
iii. Advertising: Advertisers may share technical information and information about your visits with them, including your experiences or interactions with them (see the next section for more detail about what this means).
1.5 Information we collect about you from your use of our Website
We will automatically collect information from you each time you use our Website:
i. Technical information: This may include details such as the Internet Protocol (IP) address, login credentials, browser type and version, browser plug-in types and versions, device settings (e.g., language and time zone), unique device identifiers, operating system and platform, hardware specifications, and network provider details (such as mobile operator or ISP).
ii. Usage Data: We collect information about how your company engages with our Website. This may include full Uniform Resource Locators (URLs), clickstream data (tracking navigation to, through, and from our site, including timestamps), products or services viewed or searched for, page response times, download errors, time spent on specific pages, interaction data (such as scrolling, clicks, and mouse movements), exit methods from pages, and contact details used to communicate with us via phone, email, or social media.
iii. Location data: If enabled by your company, we may collect location data (such as through IP address, Wi-Fi signals, or other geolocation technologies) to enhance our services, personalize content, and support security measures, including fraud detection and prevention. Location data may be linked to device identifiers to recognize returning users and improve the accuracy of our risk assessments.
iv. Browser Activity Tracking: We may track activity within our Website, including visited URLs and interactions, to analyze user preferences and enhance the overall user experience.
2. How do we use your information?
We use information held about you in the following ways, and we explain the legal reason for each use as well. For more information about what these legal reasons mean, please read the next section: 'Legal reasons explained'.
2.1 If you browse our Website, we use automatically-collected information to:
i. Analyze how businesses interact with our Website to improve its functionality and user experience, ensuring content is displayed in the most effective format for your device;
ii. Provide relevant information, products, and services that you request or that may be of interest to your business;
iii. Process this data based on your consent, where required, or under our legitimate interests, provided these do not override your rights.
2.2 If you create and use your account with us, we use your contact, identity, log-in, financial, verification and automatically collected information to:
i. Create and administer your account with us;
ii. Verify your or your business identity (including appropriate screening processes);
iii. Verify and carry out financial transactions in relation to payments your company makes online/through the Website;
iv. Provide aggregated reporting information to, and otherwise manage and fulfill our agreements with, our shareholders, investors and finance providers.
v. Identify you when you sign in to your account and give you appropriate access to our Website (in accordance with your agreement with us).
vi. Enforce or apply our terms or other agreements with you.
vii. Notify you about changes to our service.
2.3 We may use profiling and automated decision-making, including based on your credit history, to help us determine whether or not to verify and approve your account.
2.4 When you contact or engage with us, we use your contact, identity, log-in, financial, verification and communications information to provide you with customer support, including:
i. Contacting you if you've asked us to do so, including troubleshooting problems, and helping with any issues concerning our Website, and
ii. Providing you with the information, products and services that you request from us.
2.5 If we share marketing or advertising with you, we may use your contact, marketing, advertising, and automatically collected information to:
i. Provide you with promotional update communications by email, SMS, WhatsApp, and phone about our services or other offerings that may be relevant to you;
ii. Seek your feedback on our Website and services through surveys and market research initiatives;
iii. Analyze how your business interacts with our services to better understand your interests and preferences;
iv. Offer personalized recommendations, promotional updates, and targeted marketing to enhance your experience with our Website;
v. Measure the effectiveness of our advertising efforts and optimize the relevance of marketing content.
We may use profiling and automated decision-making to provide relevant information, suggestions, and product recommendations.
We process this data based on our legitimate interests (where we have assessed that these are not overridden by your rights) or with your explicit consent, where required by law.
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our promotional emails or contacting us at support@comfi.ai.
2.6 When maintaining and improving our Website, we may use your account, marketing advertising and automatically collected information (including location data) to:
i. Administer our Website and services and for internal operations, including audits, troubleshooting, data analysis, testing, research, statistical and survey purposes;
ii. Evaluate and improve our products, services, and Website, including developing and testing new features;
iii. Keep our Website safe and secure;
iv. To detect and protect against error, fraud or other criminal activity;
v. Improve our Website to ensure that content is presented in the most effective manner for you and your computer, and to alert you to any hardware or software incompatibility issues;
vi. Allow you to participate in interactive features of our service, when you choose to do so.
We process this data based on our legitimate interests, where we have assessed that these are not overridden by your rights, and to comply with our legal obligations where applicable.
2.7 Information we receive from other sources
We may combine this information with the information you give us and the information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
2.8 Aggregated Data
We may pseudonymise and/or anonymise and aggregate any of the above categories of information. What does this mean?
i. Pseudonymised means that you cannot be identified from the data unless it's combined with additional information held;
ii. Anonymised means that you cannot be identified from the data – for example, if we create aggregated statistics.
We use aggregated information (such as statistical data or customer profile information) to help us analyse how visitors use our Website (including behaviour patterns and the tracking of visits across multiple devices) and interact with us on social media (for example, statistics about demographics or users per country), provide more useful information to our customers, and understand which of our services are of most interest.
We may provide aggregated data (e.g., demographic statistics about our customers) to our partners or other third parties in exchange for access to their products or services or to promote our Website.
Where such aggregate information is derived from your personal or business data, we will take steps to pseudonymise or anonymise it, ensuring that no individual or business can be easily re-identified from aggregate information retained or used for these purposes.
2.9 Legal reasons (or 'lawful bases') explained
In accordance with applicable data protection law, we rely on one or more of the following grounds when processing your data:
i. Contractual Necessity: We collect, store, and process your personal and/or business information where necessary to perform a contract you have with us (such as our Terms & Conditions) or where you have asked us to take specific steps before entering into that contract. This includes providing services, processing transactions, and notifying you about changes to our services.
ii. Legal Obligation: We may need to process your personal and/or business information to comply with our legal obligations, including under applicable local laws and/or any court orders. This includes compliance with know-your-client (KYC) and anti-money laundering (AML) rules.
iii. Legitimate interests: We may process your personal and/or business information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not outweigh those interests.
Our legitimate interests include:
i. Providing you with the information, products and services you request;
ii. Sending promotional updates and marketing communications in a B2B context (or in certain cases, if you have purchased a service from us and have not opted out at the time of purchase or any time since) (you are free to opt-out at any time);
iii. Offering personalized recommendations and marketing to enhance your experience with our services;
iv. Understanding how customers use our services; delivering, developing and improving our services, growing our business, and informing our marketing strategy;
v. Measuring and understanding the effectiveness of advertising we serve to you and others, and delivering relevant advertising to you;
vi. Keeping our services safe and secure;
vii. Improving our Website to ensure that content is presented in the most efficient and user-friendly manner;
viii. Administering our Website and conducting troubleshooting, data analysis, testing, research, and statistical analysis;
ix. Fulfilling our contractual obligations to our business partners.
3. Who do we share your information with?
We may share your business information and, where applicable, personal information with the following parties:
3.1 Our group companies
We may share your information with any member of our corporate group, including subsidiaries, our ultimate holding company, and its subsidiaries. These entities may support our processing activities under this Privacy Notice, assist in service delivery, or otherwise process your data in accordance with applicable laws.
3.2 Selected third parties
We work with trusted third parties to support our services, including:
i. Organisations that process your personal and/or business data on our behalf and in accordance with our instructions and the Data Protection Law. This includes supporting the services we offer through the Website, particularly those providing website and data hosting services, providing fulfillment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services, and providing IT support services from time to time. These organisations (which may include third-party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
ii. Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals and/or businesses to our advertisers, but we will provide them with aggregate information about our users. We may use the personal and/or business data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience and subject to the cookie section of this Notice.
iii. Analytics and search engine providers that assist us in improving and optimising our Website (this will not identify you as an individual or company).
iv. Merchants and business partners who provide services to you, and with whom we have entered into agreements in relation to the processing of your personal and/or business data, a list of whom can be provided upon request.
v. Payment processing providers who provide secure payment processing services.
vi. Debt collection agencies, should your account fall into arrears, in order to recover outstanding amounts.
vii. Any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Notice or under any agreement we have with you, or to protect our rights or the rights of third parties. This includes exchanging information with law enforcement, regulatory authorities, or other government bodies when required by law.
viii. We may disclose your data in response to court orders, legal obligations, or regulatory requests where we are required or believe we are required to do so.
ix. In the event of a merger, acquisition, sale, or transfer of assets, we may disclose your data to the prospective buyer or seller as part of the due diligence process.
If we share your personal and/or business information with our group companies or other third parties, we will take steps to protect your personal and/or business information in our contractual agreements with these third parties and require that they have appropriate technical and organisational security measures in place, in compliance with applicable data protection laws.
4. Where do we store your information?
4.1 We are based in the UAE. Our operating company is Comfi L.L.C-FZ, Dubai.
4.2 We may transfer your information outside the UAE. If we do, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Notice.
4.3 We may transfer your personal and/or business information outside the UAE in order to:
i. Store it; or
ii. Enable us to provide goods or services to you and fulfill our contract with you. This includes order fulfillment, processing payment details, and providing support services.
iii. Facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
5. What about payment processing?
5.1 The payment details you provide will be encrypted using Transport Layer Security (TLS) technology before transmission over the internet, ensuring secure and confidential processing.
5.2 Payments made on the Website are made through our payment gateway provider. You will provide credit or debit card information directly to our payment gateway providers, who operate a secure server to process payment details, encrypt your credit/debit card information, and authorise payment. The information you supply is not within our control and is subject to their own Privacy Notice and terms and conditions.
6. How do we protect your information?
6.1 We take reasonable steps, including physical, technical and organisational measures, to protect your personal and/or business information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
6.2 All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS technology.
6.3 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal and/or business data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
6.4 External links: Our site may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before submitting personal and/or business data to these websites. We are not responsible for the privacy policies or the content of such sites.
6.5 Child safety: We are committed to protecting the safety of children when they use the Internet. Our Website is intended for use only by persons at least 18. You may not use our Website unless you are 18 or older.
7. How long do we keep your information?
7.1 We will keep personal and/or business data for:
i. As long as you have an account with us, to meet our contractual obligations to you, and
ii. For five years after that, to identify any issues and resolve any legal proceedings.
7.2 If you opt out of receiving promotional updates and marketing from us or object to any other processing of your personal and/or business information, we may keep a record of your opt-out or objection to ensure we respect your direct marketing preferences.
7.3 We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
8. Changes to this Notice
We may update this Privacy Notice from time to time. Any changes will be posted on our Website or notified to you via your registered email. Unless otherwise stated, changes will take effect from the date of publication.
9. Contact Us
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to: support@comfi.ai
COMFI L.L.C-FZ
Registration number: 2424151
Office/Building: 21st floor, Mashreq Bank Global HQ
Downtown, Dubai, United Arab Emirates