Legal

Privacy Policy

How Micella Sourcing Consultant Limited collects, uses, and protects personal data, in accordance with the DIFC Data Protection Law 2020.

Last updated: 5 July 2026Jurisdiction: DIFC, Dubaiprivacy@micella.ae
Plain-language summary

Micella is a B2B sourcing company. We only hold business contact details (name, email, phone) of company representatives. We do not sell your data, transfer it outside the DIFC, or use it for marketing. Email privacy@micella.ae at any time to ask what we hold or request deletion.

Who We Are

Micella Sourcing Consultant Limited ("Micella", "we", "us") is a DIFC-registered sourcing and trading company headquartered at Innovation One Building, Dubai International Financial Centre, Dubai, UAE (DIFC License #12352).

We act as the Data Controller for all personal data we collect and process. This means we determine how and why personal data is used. Our privacy contact is: privacy@micella.ae.

What Personal Data We Collect

We process a minimal set of personal data, limited to what is necessary for our business operations. This consists of:

  • Business contact details of company representatives: name, business email address, and phone number
  • Company name and shipping/delivery address (where relevant for order fulfilment)
  • Communications you send us: the content of your enquiries and, if you contact us by phone or WhatsApp, your phone number and WhatsApp profile name

We do not collect sensitive personal data (special categories), we do not process data relating to children, and we do not use automated decision-making or profiling.

Why We Process Your Data & Legal Basis

Responding to enquiries. When you contact us about our products or services, we use your contact details to respond. Legal basis: Legitimate Interests (Article 13, DIFC DP Law 2020).

Supplier & customer relationship management. We maintain contact information to manage ongoing business relationships, issue quotes, and fulfil orders. Legal basis: Legitimate Interests and Contractual Necessity.

Legal compliance. We may retain records as required by applicable UAE and DIFC commercial law (typically 7 years for commercial documents). Legal basis: Legal Obligation.

Data subject rights management. We process requests submitted to privacy@micella.ae to fulfil your rights under the DIFC DP Law 2020. Legal basis: Legal Obligation.

Who We Share Your Data With

We do not sell or rent personal data. We share data only where strictly necessary:

  • Logistics and shipping agents receive name and delivery address for the purpose of order fulfilment only
  • The DIFC Commissioner's Office, if required by law (e.g. breach notification)
  • Meta Platforms, Inc. (WhatsApp): if you choose to contact us via WhatsApp, your phone number, WhatsApp profile name and message content are processed by Meta in order to deliver that conversation

International transfers. We keep personal data within the DIFC wherever possible. The exception is WhatsApp: if you choose to message us there, your data is transmitted to and processed by Meta on infrastructure outside the DIFC, including the United States and other countries where Meta operates. This transfer happens only because you have chosen to initiate contact through that channel; we rely on the derogations in Article 27 of the DIFC DP Law 2020 (a transfer necessary for pre-contractual communication taken at your request, made with your informed choice to use WhatsApp). Meta processes this data under its own terms and privacy policy, which we do not control. If you would prefer your personal data not to leave the DIFC, please contact us by email, phone or post rather than WhatsApp.

How Long We Keep Your Data

We retain personal data only as long as necessary:

  • Enquiry and correspondence records (email, phone and WhatsApp): 3 years from last contact
  • Supplier and customer relationship data: duration of relationship plus 5 years
  • Signed contracts and commercial documents: 7 years (UAE commercial law)
  • Data subject rights requests: 3 years from resolution
  • Breach incident records (if any): 5 years from incident date

After the applicable retention period, data is securely deleted.

Your Rights

Under the DIFC Data Protection Law 2020 (Parts 5 and 6), you have the right to:

  • Access · request a copy of the personal data we hold about you
  • Rectification · ask us to correct inaccurate or incomplete data
  • Erasure · request deletion where there is no lawful reason to retain it
  • Restriction · ask us to limit how we process your data
  • Objection · object to processing based on legitimate interests
  • Portability · receive your data in a structured, machine-readable format

To exercise any of these rights, contact us at privacy@micella.ae or by writing to our registered address. We will respond within 30 days. There is no charge for reasonable requests.

If you are unsatisfied with our response, you have the right to lodge a complaint with the DIFC Commissioner's Office (commissioner.office@difc.ae).

Security

We take reasonable and appropriate measures to protect personal data against unauthorised access, loss, or disclosure. Our measures include:

  • Microsoft 365 enterprise-grade email security for all communications
  • Access restricted to Micella principals only
  • Password-protected accounts with multi-factor authentication where available

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the DIFC Commissioner's Office within 72 hours and, where required, notify affected individuals directly.

Contact & Updates

For any privacy-related queries, requests, or concerns:

Email: privacy@micella.ae
Phone / WhatsApp: +971 50 628 1708
Post: Micella Sourcing Consultant Limited, Innovation One Building, Dubai International Financial Centre, Dubai, UAE

This policy was last updated on 5 July 2026. We review it annually and will update this page if our processing activities change materially. We encourage you to check back periodically.

Micella Sourcing Consultant Limited is registered in the Dubai International Financial Centre (DIFC License #12352) and operates under the DIFC Data Protection Law 2020. Complaints may be directed to the DIFC Commissioner's Office at commissioner.office@difc.ae.