M R F TECHNOLOGY CONSULTANCY L.L.C
Effective Date: 2 December 2025

Introduction

M R F TECHNOLOGY CONSULTANCY L.L.C ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website marafgroup.com (the "Website") or interact with us through other channels.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. This Privacy Policy applies globally; however, GDPR protections apply specifically when we process personal data of individuals located in the EEA.

We are an IT consultancy agency specialising in automation and AI solutions. Our services are designed for businesses (B2B), and this Website is not directed at consumers or individuals under the age of 18.

Data Controller

For the purposes of applicable data protection laws, the data controller is:

M R F TECHNOLOGY CONSULTANCY L.L.C
Dubai, UAE
Email: info@marafgroup.com

Personal Data We Collect

We collect personal data through various channels depending on how you interact with us. The categories of personal data we collect include:

• Identification data (e.g., first name, last name)
• Contact data (e.g., email address, phone number)
• Company and professional data (e.g., company name, job role)
• Usage/analytics data (e.g., pages visited, interactions with our Website)
• Technical data (e.g., IP address, browser type, device information)

Information You Provide Directly

Contact Form Submissions

When you submit an enquiry through our contact form (powered by Fillout), we collect:

• First Name
• Last Name
• Email Address
• Phone Number
• Company Name
• Preferred Contact Option
• Message content

Newsletter Subscription

If you explicitly opt in to receive our blog or newsletter, we collect:

• Email Address
• Name (where provided)

Email, Phone, and LinkedIn Communications

When you contact us directly via email, phone, or LinkedIn, we may collect personal information that you voluntarily provide, such as:

• Name and contact details
• Company information
• Details related to your enquiry or business needs

Information Collected Automatically

When you visit our Website, we automatically collect certain information through cookies and similar technologies, including:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on each page
• Referring website or source
• Approximate geographic location
• User behaviour data (clicks, scrolling, navigation patterns)

We configure analytics tools to minimise identifying data where feasible.

For detailed information about the cookies and tracking technologies we use, please see our Cookie Policy.

How We Use Your Personal Data

We use your personal data for the following purposes:

To Respond to Your Enquiries

• Processing and responding to contact form submissions
• Communicating with you about your enquiry or potential business needs
• Following up on your preferred contact method

Legal Basis: Legitimate interest (to respond to business enquiries) or, where applicable, steps taken at your request prior to entering into a contract.

To Send Marketing Communications

• Sending our blog updates and newsletters (only where you have explicitly subscribed)
• Informing you about our services, insights, and industry developments

Legal Basis: Consent. You can withdraw your consent at any time by using the unsubscribe link in any email or by contacting us directly.

To Improve Our Website and Services

• Analysing how visitors use our Website
• Understanding user behaviour to improve content and user experience
• Measuring the effectiveness of our marketing efforts

Legal Basis: Consent (for analytics and marketing cookies) or legitimate interest (for aggregated, non-identifying analytics).

To Ensure Security and Prevent Fraud

• Protecting our Website from malicious activity
• Preventing spam and fraudulent form submissions

Legal Basis: Legitimate interest (to maintain the security of our Website and services).

Summary of Lawful Bases

Responding to enquiries

• Data Used: Contact form data, email/phone/LinkedIn communications
• Lawful Basis: Legitimate interest / Pre-contractual steps

Marketing communications

• Data Used: Email address, name
• Lawful Basis: Consent

Website analytics

• Data Used: Usage data, technical data
• Lawful Basis: Consent (for cookies) / Legitimate interest (for aggregated data)

Security and fraud prevention

• Data Used: Technical data, IP address
• Lawful Basis: Legitimate interest

Third-Party Service Providers

We only share personal data with third parties where necessary to operate our Website or provide our services.

We use the following third-party service providers to operate our Website and process personal data on our behalf:

Fillout

We use Fillout to power our contact forms. When you submit a form, your data is processed by Fillout and integrated with our CRM system.

For more information, visit Fillout's Privacy Policy.

HubSpot

We use HubSpot as our customer relationship management (CRM) platform and for marketing communications. Contact form submissions are stored in HubSpot, and we use HubSpot to send newsletters to subscribers.

For more information, visit HubSpot's Privacy Policy.

Google Analytics

We use Google Analytics to understand how visitors interact with our Website. Where you consent to marketing cookies, we also activate Google Signals for cross-device analytics.

For more information, visit Google's Privacy Policy.

Microsoft Clarity

We use Microsoft Clarity to analyse user behaviour through session recordings and heatmaps. We use Clarity with privacy settings enabled to automatically mask and prevent the capture of sensitive data. Microsoft Clarity processes this data on our behalf and does not use it for its own purposes.

For more information, visit Microsoft's Privacy Statement.

Figma Sites

Our Website is hosted on Figma Sites. Figma may process certain technical data related to website delivery and performance. Figma Sites may process certain technical data via global CDN and hosting providers, including locations outside your region.

For more information, visit Figma's Privacy Policy.

These service providers act as data processors on our behalf and are contractually obligated to process your data only as instructed by us and in accordance with applicable data protection laws.

International Data Transfers

Some of our third-party service providers (Google, Microsoft, HubSpot, Fillout, Figma) are based in the United States. When you provide personal data or consent to cookies, your data may be transferred to and processed in the United States or other countries outside the UAE and European Economic Area (EEA).

When your data is transferred to the United States, your data may be subject to access requests by U.S. public authorities, which may not provide the same level of protection as the GDPR. We rely on the European Commission's Standard Contractual Clauses together with additional technical and organisational measures to protect your data.

These providers have implemented appropriate safeguards for international data transfers, including:

• EU Standard Contractual Clauses
• Compliance with recognised data protection frameworks

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

Contact Form Submissions and CRM Data

We retain contact form submissions and CRM data for as long as they are relevant to our business relationship and internal record-keeping needs. You may request deletion at any time.

Newsletter Subscribers

We retain your email address and subscription preferences until you unsubscribe or request deletion.

Analytics Data

Analytics data is retained according to the retention periods set by each analytics provider (typically up to 26 months for Google Analytics).

Website Cookies

Cookie retention periods vary by type. Please see our Cookie Policy for specific durations.

You may request deletion of your personal data at any time by contacting us at info@marafgroup.com.

Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

Under GDPR (for EU/EEA visitors)

If you are located in the European Union or European Economic Area, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request restriction of processing in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

You also have the right to lodge a complaint with your local data protection supervisory authority.

Under UAE Data Protection Law

If you are located in the UAE, you have similar rights including:

• Access to your personal data
• Correction of inaccurate data
• Erasure of data in certain circumstances
• Restriction of processing
• Objection to processing

These rights apply when UAE data protection law governs the processing of your personal data.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@marafgroup.com

We will respond to your request within one month. In certain circumstances, we may need to verify your identity before processing your request.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure data transmission (HTTPS/TLS encryption)
• Access controls to limit data access to authorised personnel
• Use of reputable third-party service providers with strong security practices
• Privacy settings enabled on analytics tools to mask sensitive data

While we take reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

Data Protection Impact Assessments

Where required under GDPR, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks associated with new processing activities or technologies.

Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

Children's Privacy

Our Website and services are designed for businesses (B2B) and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@marafgroup.com, and we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Any changes will be posted on this page with an updated effective date.

We encourage you to review this policy periodically. If we make significant changes that affect how we process your personal data, we will notify you through our Website or by other appropriate means.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

M R F TECHNOLOGY CONSULTANCY L.L.C
4-B-19, Bin Dasmal Building, Al Quoz Industrial First

Dubai, UAE
Email: info@marafgroup.com

This Privacy Policy was last updated on 2 December 2025.