Privacy Policy

1. DATA CONTROLLER

The controller of personal data is:

• STOKEEN LLC
• Limited liability company (LLC)
• Formation number: 2535404
• License: 2535404.01
• Jurisdiction: Sharjah Media City Free Zone (Shams), Emirate of Sharjah, United Arab Emirates
• Registered office: Sharjah Media City (Shams), P.O. Box 515000, Sharjah, United Arab Emirates
• Contact email: info@stokeen.com
• Website: www.stokeen.ae

Stokeen acts as the controller of personal data collected through the Platform, without prejudice to certain integrated services being provided by independent third parties acting as controllers or processors, as applicable.

2. SCOPE AND PERSONAL DATA COLLECTED

This Privacy Policy applies to all processing of personal data carried out by Stokeen in connection with use of the Platform, regardless of where the User accesses it from.

Stokeen may collect and process the following categories of personal data:

• Identification and contact data: First and last name, email address, phone number, and other contact details provided during registration or use of the Platform.
• Professional and business data: Information relating to the company, role, sector, activity, location, and any other professional information included in the User’s profile.
• Account and access data: Access credentials, user identifiers, and data required for authentication and Account management.
• Identity verification (KYC) data: Information and documentation needed to verify the User’s identity, which may include official documents, biometric data, or additional information required by external verification providers such as DIDIT or equivalent providers.
• Transaction-related data: Information on commercial operations carried out through the Platform, including amounts, payment terms, use of escrow services, and transaction status.
• Communications data: Messages, interactions, and content shared through communication tools within the Platform, including internal chat.
• Usage and browsing data: Information on use of the Platform, such as IP address, device type, operating system, browser, activity on the Platform, logs, and analytics data.
• Data from third parties: Data obtained through external providers integrated into the Platform, including identity verification services, payment services, logistics services, or other technology partners.

The User warrants that the data provided is truthful, accurate, and up to date, and undertakes to notify Stokeen of any changes.

3. PURPOSES OF PROCESSING

Stokeen will process the User’s personal data for the following purposes:

• Provision of Platform services: Managing User registration, creation and maintenance of the Account, and enabling access to and use of available features, including matchmaking tools, communication between Users, RFQ management, and development of business relationships.
• Management of business relationships between Users: Facilitating connection, interaction, and communication between companies, including exchange of professional information and management of business opportunities.
• Identity verification (KYC) and regulatory compliance: Verifying Users’ identity through external providers, preventing fraud, complying with legal obligations, and ensuring Platform security.
• Payment and transaction management: Facilitating integration with payment and escrow service providers, enabling secure commercial operations between Users.
• User care and support: Responding to queries, requests, incidents, or complaints related to use of the Platform.
• Security and fraud prevention: Detecting, preventing, and managing fraudulent activity, unauthorized access, misuse of the Platform, or breaches of the Terms and Conditions.
• Improvement and development of the Platform: Analysing use of the Platform, conducting statistical studies, improving features, optimizing the user experience, and developing new services. Carrying out analysis and profiling to improve matchmaking between Users, optimize the relevance of business connections, and personalize the experience on the Platform.
• Operational and commercial communications: Sending communications related to the operation of the Platform, updates, changes to services or legal terms, and, where appropriate, commercial information about Stokeen’s services, features, or news.
• Compliance with legal obligations: Complying with legal, regulatory, or competent authority requirements, and managing potential claims or legal proceedings.

4. LEGAL BASIS FOR PROCESSING

Stokeen will process the User’s personal data only where a valid legal basis exists under applicable law in the United Arab Emirates, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

In particular, processing is based on the following legal bases:

• Performance of a contract: Where processing is necessary to provide Platform services, including Account management, interaction between Users, RFQ management, and use of digital features.
• User consent: Where the User has given express consent, for example for sending commercial communications or for specific processing such as identity verification (KYC) processes where required.
• Compliance with legal obligations: Where processing is necessary to comply with applicable legal or regulatory obligations, including verification requirements, fraud prevention, or requests from competent authorities.
• Legitimate interests of Stokeen: Where processing is necessary for the operation, improvement, and security of the Platform, including fraud prevention, system protection, analysis of Platform use, and development of new services, provided such interests do not override the User’s rights.
• Public interest or protection of vital interests: Where processing is necessary to protect essential interests of the User or third parties, or where permitted by applicable law.

5. DATA SHARING AND THIRD-PARTY SERVICES

Stokeen may share the User’s personal data with third parties only where necessary to provide Platform services, comply with legal obligations, or operate the digital ecosystem.

In particular, data may be shared with:

• Identity verification (KYC) providers: Stokeen may share personal data with external providers responsible for identity verification processes, such as DIDIT or equivalent providers, in order to meet legal requirements, prevent fraud, and ensure Platform security.
• Payment and escrow service providers: Transactions carried out through the Platform are managed via external providers specialized in payment custody, such as Escrow.com or equivalent providers. In this context, data necessary to process payments, verify transactions, and meet regulatory requirements may be shared with those providers.
• Logistics service providers: Where operations involve shipment of goods, Stokeen may share necessary information with logistics providers, including services such as Emirates Post or other integrated operators, to facilitate management, tracking, and delivery of shipments.
• Technology and infrastructure providers: Stokeen may use third-party services for hosting, storage, analytics, communications, or other technical functions necessary for the Platform to operate.
• Authorities and public bodies: Stokeen may disclose personal data when required by law, by competent authorities, or in the context of legal proceedings.

Stokeen does not sell personal data to third parties.

The User acknowledges and accepts that the third parties mentioned may process data in accordance with their own privacy policies, acting as controllers or processors, as applicable.

Stokeen does not control and is not responsible for processing carried out by such third parties outside the scope of the Platform.

6. INTERNATIONAL DATA TRANSFERS

Stokeen may transfer personal data outside the United Arab Emirates where necessary to provide Platform services or to operate integrated services.

Such transfers may occur, among other cases, in connection with:

• identity verification (KYC) providers
• payment and escrow service providers
• technology and infrastructure providers
• analytics or cloud storage services

Stokeen will ensure that such transfers are carried out in accordance with applicable law, adopting measures necessary to ensure an appropriate level of protection of personal data. In particular, Stokeen may rely on:

• adequacy decisions where they exist
• appropriate contractual safeguards with providers
• the User’s explicit consent, where required
• any other mechanism permitted by applicable regulations

By using the Platform, the User acknowledges and accepts that their personal data may be transferred to and processed in jurisdictions other than their country of residence.

7. USER RIGHTS

In accordance with applicable law in the United Arab Emirates, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), the User has the following rights in relation to their personal data:

• Right of access: Request confirmation as to whether Stokeen is processing their personal data and access that information.
• Right of rectification: Request correction of inaccurate, incomplete, or outdated personal data.
• Right of erasure: Request deletion of personal data when it is no longer necessary for the purposes for which it was collected or when processing is not lawful under applicable law.
• Right to restriction of processing: Request restriction of processing of their data in certain circumstances provided for by law.
• Right to object: Object to processing of their personal data where there are legitimate grounds relating to their particular situation, unless overriding legal grounds apply.
• Right to data portability: Request transfer of their personal data to another provider where technically feasible.
• Right to withdraw consent: Withdraw consent given for processing at any time, without affecting the lawfulness of processing carried out before withdrawal.

The User may exercise these rights by request to: info@stokeen.com

Stokeen may request additional information to verify the identity of the requester before responding to the request.

The User also has the right to lodge complaints with the competent data protection authority in the United Arab Emirates.

8. DATA SECURITY

Stokeen adopts appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of personal data, and to prevent loss, misuse, unauthorized access, alteration, or disclosure.

These measures include, among others:

• access control to systems and data
• encryption of information where appropriate
• protection of technology infrastructure
• monitoring of access and activity
• ongoing assessment and improvement of security systems

Nevertheless, the User acknowledges that no system is completely secure and that absolute security of information transmitted over the internet cannot be guaranteed.

The User is responsible for maintaining the confidentiality of their access credentials and for taking appropriate measures to protect their devices and systems.

If a security breach affecting personal data occurs that poses a risk to the User’s rights, Stokeen will take the measures required under applicable law, including notification to competent authorities and, where appropriate, to affected Users.

9. RETENTION OF DATA

Stokeen will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including provision of services, compliance with legal obligations, and resolution of potential liabilities.

• while the User maintains an active Account on the Platform
• for periods necessary to comply with legal, tax, or regulatory obligations
• for the time necessary to defend against potential claims or disputes

Once personal data is no longer necessary, it will be securely deleted or anonymized, unless retention is required by applicable law.

10. CHANGES TO THIS PRIVACY POLICY

Stokeen reserves the right to modify or update this Privacy Policy at any time. Any changes will be published on the Platform, indicating the date of the last update.

Continued use of the Platform after publication of changes will constitute acceptance of the updated Privacy Policy.

11. CONTACT

For any query, request, or exercise of rights regarding data protection, the User may contact Stokeen through the following means:

• Email: info@stokeen.com
• Address: Sharjah Media City (Shams), P.O. Box 515000, Sharjah, United Arab Emirates
• Website: www.stokeen.ae