RateAgent.io Logo

Data Protection

Last Updated: December 2025

1. Our Commitment

LimeworkTechnologies LLC is committed to protecting the personal data of all users, agents, and stakeholders who interact with RateAgent.io. This document outlines our comprehensive approach to data protection.

2. Regulatory Framework

We comply with:

  • UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021)
  • Cabinet Decision No. 34 of 2022 (Executive Regulations)
  • DIFC Data Protection Law No. 5 of 2020
  • ADGM Data Protection Regulations 2021

3. Data Protection Principles

We adhere to the following principles:

3.1 Lawfulness, Fairness, and Transparency

We process data lawfully with a valid legal basis, fairly without deception, and transparently with clear communication about our practices.

3.2 Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not process data in ways incompatible with those purposes.

3.3 Data Minimisation

We collect only data that is adequate, relevant, and necessary for our stated purposes.

3.4 Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is corrected or deleted promptly.

3.5 Storage Limitation

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.

3.6 Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorised access, loss, destruction, or damage.

4. Technical Security Measures

4.1 Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted backups with secure key management

4.2 Access Controls

  • Role-based access control (RBAC) for all systems
  • Multi-factor authentication for administrative access
  • Regular access reviews and privilege audits
  • Principle of least privilege enforcement

4.3 Infrastructure Security

  • Cloud infrastructure with ISO 27001 certification
  • Web application firewall (WAF) protection
  • DDoS mitigation services
  • Regular vulnerability scanning and penetration testing
  • Intrusion detection and prevention systems

4.4 Application Security

  • Secure software development lifecycle (SDLC)
  • Code reviews and security testing
  • Input validation and output encoding
  • Protection against OWASP Top 10 vulnerabilities

5. Organisational Measures

5.1 Policies and Procedures

  • Information security policy
  • Data classification policy
  • Acceptable use policy
  • Incident response procedures
  • Business continuity and disaster recovery plans

5.2 Training and Awareness

  • Mandatory data protection training for all employees
  • Regular security awareness programmes
  • Phishing simulation exercises

5.3 Third-Party Management

  • Due diligence on all third-party processors
  • Data processing agreements with all vendors
  • Regular vendor security assessments

6. Data Subject Rights

We facilitate the exercise of data subject rights including:

  • Right to Access: Obtain confirmation and copy of your data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data
  • Right to Restriction: Limit processing of your data
  • Right to Data Portability: Receive data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any right, contact privacy@rateagent.io. We respond to requests within 30 days.

7. Data Breach Response

In the event of a data breach:

  • Immediate containment and assessment within 24 hours
  • Notification to UAE Data Office within 72 hours if required
  • Notification to affected individuals without undue delay
  • Documentation and post-incident review
  • Implementation of remedial measures

8. International Transfers

When transferring data outside the UAE, we ensure adequate protection through:

  • Standard contractual clauses
  • Adequacy decisions where applicable
  • Binding corporate rules for intra-group transfers

9. Record Keeping

We maintain records of all processing activities including:

  • Purposes of processing
  • Categories of data subjects and data
  • Recipients of data
  • International transfers
  • Retention periods
  • Security measures

10. Data Protection Officer

For data protection enquiries, contact:

Data Protection Officer

LimeworkTechnologies LLC

Email: dpo@rateagent.io

11. Complaints

If you believe your data protection rights have been violated, you may lodge a complaint with the UAE Data Office or the relevant supervisory authority in your jurisdiction.

© 2025 LimeworkTechnologies LLC. All rights reserved.