1. Who we are
CESPRO Facility Management Services & Maintenance - L.L.C ("CESPRO", "we") is the controller of any personal data we process about you. We are registered in Abu Dhabi, United Arab Emirates (Economic Licence CN-1654789; Tax Registration Number 100399928900003), at Musaffah M-44, Sultan Bin Khalifa Bin Zayed, Abu Dhabi 32076. Our data-protection contact is privacy@cespro.ae.
2. What we collect
We collect data you provide directly and data generated through your use of our services. Categories include:
- Identification and contact data (name, mobile, email, address)
- Property and unit information (size, AC count, access details)
- Booking and visit data (request, scope, photos taken on site, GPS location of the visit)
- Payment data (processed via PCI-compliant gateways — we never store full card numbers)
- Platform usage logs (login times, actions, device identifiers)
3. Legal basis and purposes
Under the UAE PDPL we process your data on the basis of your consent or the exceptions the law sets out: to deliver the services you booked and run them safely (contract performance — including service updates, invoices, security and fraud prevention), and to comply with VAT and other regulatory obligations (legal obligation). Marketing messages are sent only with your consent, per channel, and every one carries an opt-out; you can withdraw any consent at any time.
5. How long we keep your data
Financial records (invoices and payments) are retained for at least five years to satisfy UAE Federal Tax Authority requirements. Other customer records are kept for the duration of our relationship and then anonymised on account deletion. Photos taken during visits are kept as part of the job record they document (warranty and quality evidence) and follow the same anonymisation on deletion.
6. Your rights under UAE PDPL
Under Federal Decree-Law No. 45 of 2021, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Restrict or object to certain processing
- Request deletion (subject to legal retention obligations)
- Receive a portable copy of your data
- Withdraw any consent you previously gave
Email privacy@cespro.ae to exercise any of these rights. We respond within 30 days. If we cannot resolve a complaint, you may escalate to the UAE Data Office (Federal Authority).
7. Security
Customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted by role, with two-factor authentication available for staff accounts (enforceable by policy) and an append-only audit trail for sensitive actions. Photos taken during visits have their location metadata (EXIF/GPS) removed on upload and are stored in encrypted storage.
9. International transfers
CESPRO's application, database and encrypted backups run in Microsoft Azure's UAE North region — your primary records stay in the UAE. Some providers listed above process specific data categories outside the UAE to deliver their function (for example Stripe for payments, Brevo for email, 360dialog for WhatsApp, Message Central for SMS, Google for push notifications and in-app AI, Mapbox for maps). The AI chat on this website runs on Microsoft's Azure OpenAI service from our UAE North resource, though individual chat requests may be processed transiently in other Azure regions for capacity. Each transfer is limited to what that provider needs and is made under the safeguards the UAE PDPL requires for cross-border transfers.
10. Changes to this policy
We may update this policy from time to time. Material changes are announced in advance via the customer app, by email and on this page — and where the UAE PDPL requires renewed consent, the app will ask you to accept the updated policy before continuing. This policy is published in English and Arabic; if there is any conflict, the English version prevails unless the law requires otherwise.
