CITI VETURE GROUP – FZCO
Registration No.: DSC-FZCO-22428 | Licence No.: 24152
Office: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
(“CVG UAE”, “we”, “us”, “our”)

Last updated: 29-Dec-2025

---

1. Purpose and scope

1.1 This Privacy Policy explains how CVG UAE collects, uses, stores, shares and protects personal data when you:

• visit or use our website, portals, forms or online services;
• communicate with us (including email, telephone, WhatsApp, VOIP, social media);
• engage or enquire about our services; or
• otherwise interact with CVG UAE in a professional or commercial capacity.

1.2 This Privacy Policy applies globally and must be read together with our Terms & Conditions, Disclaimer, Cookie Policy, and Website Terms of Use, which prevail in the event of inconsistency.

---

2. Data controller and legal capacity

2.1 CITI VETURE GROUP – FZCO is the data controller for personal data processed under this Privacy Policy.

2.2 CVG UAE acts solely in its own legal capacity. No affiliate, associated or referred entity acts as joint controller unless expressly agreed in writing.

---

3. Applicable law and regulatory framework

3.1 We process personal data in accordance with:

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations;
• applicable UAE Free Zone regulations; and
• where relevant, internationally recognised data-protection principles (including GDPR-aligned standards for EU/UK data subjects, to the extent applicable).

3.2 This Privacy Policy does not create or imply any regulated status, fiduciary duty or professional advisory obligation.

---

4. Categories of personal data we collect

We may collect and process the following categories of personal data, depending on your interaction with us:

4.1 Identification and contact data

• full name, nationality, date of birth;
• passport or ID details (where required);
• residential or correspondence address;
• email address, telephone, WhatsApp or VOIP numbers.

4.2 Professional and business data

• company name, role, business activities;
• corporate documents and ownership details;
• project-related correspondence and records.

4.3 Immigration, education and compliance data (where applicable)

• visa or residency-related documents;
• educational records and certificates;
• application forms, statements, supporting documentation.

4.4 Financial and transactional data

• invoices, payment records, bank details (where necessary);
• proof of funds or source-of-funds documentation (for compliance purposes).

4.5 Technical and usage data

• IP address, device identifiers, browser type;
• website usage data, cookies and analytics (see Cookie Policy).

4.6 Communications
• emails, messages, calls, meeting notes and recordings (where lawful).

---

5. Source of personal data

5.1 Personal data is primarily collected:

• directly from you;
• from authorised representatives acting on your behalf; or
• from third parties you instruct or consent to engage (e.g., lawyers, agents, institutions).

5.2 We may also receive data from public sources, regulators or authorities where lawful.

---

6. Purposes of processing

We process personal data for the following lawful purposes:

• providing, administering and managing our services;
• responding to enquiries and communications;
• preparing documentation, submissions and administrative materials;
• liaising with authorities, free zones, institutions, endorsement bodies and service providers;
• compliance with legal, regulatory, AML, CTF and sanctions obligations;
• billing, accounting and record-keeping;
• internal management, risk assessment and quality control;
• website security, analytics and performance;
• marketing and business development (subject to consent where required);
• protecting our legal rights and managing disputes.

---

7. Legal bases for processing

Depending on the context, we rely on one or more of the following legal bases:

• performance of a contract or steps taken at your request;
• compliance with legal or regulatory obligations;
• our legitimate interests (including service delivery, fraud prevention, security, and business operations);
• your consent (where required by law); and
• protection of legal rights.

---

8. Accuracy and client responsibility

8.1 You are solely responsible for ensuring that all personal data you provide is accurate, complete, lawful and up to date.

8.2 CVG UAE may rely on personal data provided without independent verification and shall not be liable for consequences arising from inaccurate, incomplete, misleading, falsified or forged data.

---

9. Data sharing and disclosures

9.1 We may disclose personal data to:

• government bodies, free zone authorities, regulators or courts;
• immigration authorities, educational institutions and endorsement bodies;
• professional advisers and licensed third-party service providers (administrative facilitation only);
• IT, hosting, analytics, marketing and security providers;
• banks and payment processors;
• insurers, auditors and legal advisers;
• overseas partners strictly as required for service delivery.

9.2 All recipients act under their own legal and regulatory responsibilities. CVG UAE does not control or assume liability for third-party processing once lawfully disclosed.

---

10. International data transfers

10.1 Personal data may be transferred to and processed in jurisdictions outside the UAE.

10.2 Where required, we implement appropriate safeguards, including contractual protections and access controls.

10.3 By engaging with CVG UAE, you acknowledge and accept such transfers to the extent permitted by law.

---

11. Data retention

11.1 We retain personal data only for as long as necessary to:

• fulfil the purposes set out in this Privacy Policy;
• comply with legal, regulatory and AML obligations; and
• protect our legal interests.

11.2 Retention periods may extend beyond termination of services where required by law or reasonably necessary.

---

12. Data security

12.1 We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration.

12.2 No system is completely secure. To the maximum extent permitted by law, CVG UAE excludes liability for data breaches, cyber incidents or unauthorised access not caused by our wilful misconduct or gross negligence.

---

13. Cookies and online tracking

13.1 We use cookies and similar technologies as described in our Cookie Policy.

13.2 You can manage cookie preferences through browser settings or our cookie management tools.

---

14. Marketing communications

14.1 We may send marketing or informational communications where permitted by law or with your consent.

14.2 You may opt out at any time using the unsubscribe mechanism or by contacting us.

---

15. Data subject rights

15.1 Subject to applicable law, you may have the right to:

• request access to your personal data;
• request correction or updating;
• request deletion or restriction of processing;
• object to certain processing activities;
• withdraw consent (where applicable).

15.2 Rights are not absolute and may be limited by legal, regulatory, contractual or compliance obligations.

---

16. No personal liability

To the maximum extent permitted by law, no director, officer, shareholder, employee, consultant or agent of CVG UAE shall bear personal liability in relation to the processing of personal data. Any liability (if any) attaches solely to CVG UAE as a corporate entity.

---

17. Third-party websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices or content.

---

18. Updates to this Privacy Policy

We may update this Privacy Policy at any time. The latest version will be published on our website. Continued use of our services or website constitutes acceptance where permitted by law.

---

19. Contact and complaints

For privacy-related enquiries or requests:

Email: admin@citiventuregrup.com
Address: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, UAE

If you believe your rights have been infringed, you may also contact the relevant UAE data-protection authority.

---

20. Governing law

This Privacy Policy shall be governed by and construed in accordance with the laws of the United Arab Emirates, as applied in the relevant UAE Free Zone.