Privacy policy
Table of Contents
Table of Contents
1. INTRODUCTION
1.1. Capital Catering and Services – Sole Proprietorship L.L.C., a division of Abu Dhabi National Exhibitions Company (ADNEC) Group (“CC”, “we”, “our”, or “us”), values your privacy and is committed to protecting personal data with transparency, responsibility, and in full compliance with the applicable laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and Cabinet Decision No. 32 of 2024 (“UAE PDPL”).
1.2. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information relating to individuals, corporate clients, vendors, and guests who engage with our catering, event management, and hospitality services.
1.3. This Policy applies to all personal data processed by CC through our service delivery channels, including food catering, event management, venue-based services, online ordering, and marketing activities. By using our services, whether through our website, in person, or via our partners, you acknowledge and consent to the processing of your personal data in accordance with this Policy
2. SCOPE OF THE POLICY
2.1. This Policy governs the collection and processing of all personal data handled by CC through its websites, booking systems, portals, and communication channels. It applies to:
- B2C (Business-to-Consumer): individual clients, guests, and end users engaging CC services directly; and
- B2B (Business-to-Business): representatives of corporate clients, suppliers, contractors, and partners
engaging for service delivery, contracting, or collaboration.
3. ROLE AS DATA CONTROLLER OR PROCESSOR
3.1. This Privacy Policy applies where we are acting as a data controller with respect to your personal data as a visitor of our website and/or user of our products or services; in other words, where we determine the purposes and means of the processing of your personal data.
3.2. We will only process your personal data in the manner set out in this Privacy Policy if you have specifically agreed or consented to us doing so (for example through your explicit acceptance of this Privacy Policy or via an electronic tick-box or other similar measures as required by the PDP Law).
3.3. In certain cases, personal data may be processed without explicit consent, where necessary for the performance of contractual obligations, legal compliance, or legitimate business interests (e.g., supplier onboarding, invoicing, or contractual communications).
4. THIRD-PARTY LINKS
4.1. Our Platforms may contain links, plug-ins, or applications that connect to external websites, applications, or services not operated or controlled by CC. When accessing such third-party platforms (including delivery partners, payment gateways, or social media sites), their respective privacy policies and practices shall apply. CC and its affiliated entities disclaim any responsibility or liability for the privacy, content, or
security practices of these third-party websites. We strongly encourage you to review the privacy statements of every website or service you visit, as this Privacy Policy applies solely to information collected directly by CC through its own Platforms.
5. CATEGORIES OF DATA COLLECTED
5.1. We collect personal and business-related data in the course of our operations, including when you place an order, register for an event, request catering services, interact with our staff, or engage with our online platforms. Such data is collected directly from you or, in the case of corporate engagements, from your employer or organization.
5.2. We may collect, use, store and transfer different kinds of Personal Data, grouped as follows:
a. Identity Data – includes title, first name, last name, username, profession, designation, educational attainment, nationality, and gender.
b. Contact Data – includes billing address, delivery address, email address, telephone and mobile numbers.
c. Technical Data – includes Internet Protocol (IP) addresses, login data, browser type and version, time zone setting and location, operating system and platform, device identifiers, and information about your website interaction (e.g., clickstream data, access times, response speeds, and browsing behaviour).
d. Profile Data – includes username, password, interests, preferences, feedback, survey responses, and purchase history.
e. Usage Data – includes information about how you use our website, mobile applications, products, and services.
f. Marketing and Communications Data – includes your preferences in receiving marketing communications from us and from authorised third parties, and your communication preferences.
g. Transaction and Payment Data – includes limited payment information such as card type, issuing bank, and transaction confirmation details. We do not collect or store complete card numbers, CVV codes, or full payment credentials.
h. Health and Dietary Data – includes allergy, dietary preference, and accessibility information voluntarily provided by you to facilitate safe and customized service delivery
5.3. When services are provided to corporate clients, CC may receive Personal Data (such as names, contact details, or dietary preferences) of employees, contractors, or event attendees from such corporate entities. The corporate client shall act as the “Data Controller” and CC as the “Data Processor” in respect of such data. The corporate client is responsible for obtaining all necessary authorisations, notices, and consents from its employees, guests, or representatives before disclosing their data to CC. All such processing is governed by contractual obligations ensuring compliance with the laws and, where applicable, international data protection standards.
5.4. We may collect limited payment details (e.g., card type, issuing bank) but do not retain full card numbers or CVV codes. We also collect technical and analytical data automatically through cookies, such as IP addresses, browser identifiers, and usage logs, to improve our online services
5.5. You are responsible for ensuring that any Personal Data provided to us is accurate, complete, and up to date. Submission of data is voluntary; however, failure to provide essential information may limit or prevent the provision of certain services.
5.6. We automatically collect certain technical and analytical data when you interact with our online platforms. This includes cookies, web beacons, and similar tracking technologies used to understand usage patterns, enhance website functionality, improve service delivery, and secure our digital systems.
5.7. Aggregate Data: We may generate and process Aggregated Data (such as statistical or demographic insights) derived from your Personal Data. Aggregated Data does not directly or indirectly identify you and is used for internal analysis, service optimisation, and performance reporting. Where Aggregated Data is combined with identifiable data, it shall be treated as Personal Data in accordance with this Privacy Policy
5.8. If you fail to provide personal data: Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
6. CHILDREN AND MINORS
6.1. Our services are primarily directed toward adults. Where catering or event services involve minors (e.g., family functions or school events), personal data of children shall only be processed with the verified consent of a parent or legal guardian.
7. PURPOSE AND LEGAL BASIS OF PROCESSING
7.1. We process your personal data for legitimate business and operational purposes, including:
a. Delivering catering, hospitality, and event management services according to your orders or contractual arrangements;
b. Managing bookings, payments, invoicing, and delivery logistics;
c. Customizing menus, dietary options, and hospitality experiences to accommodate your stated preferences, health information, and accessibility needs;
d. Providing customer support, confirmations, and operational updates relating to your orders or events;
e. Conducting satisfaction surveys, service quality assessments, and promotional outreach (subject to your consent where required);
f. Maintaining business records and ensuring compliance with applicable UAE food safety, health, accounting, and data protection regulations;
g. Protecting against fraud, misuse, or unauthorized access to our systems, platforms, and physical premises; and
h. Managing supplier and business partner relationships, including for B2B transactions and service coordination.
7.2. The lawful bases for our processing of your data include, performance of contract, compliance with legal obligations, legitimate business interests, and, where applicable, your consent. We will seek renewed consent if such processing extends beyond the original purpose.
8. HOW IS YOUR PERSONAL DATA COLLECTED?
8.1. We may collect your Personal Data directly when you engage with us, including when you place an order, register for an event, submit an enquiry, apply for a vacancy, or communicate with our staff via phone, email, or our online platforms. This may include Identity, Contact, and Transactional Data relevant to the nature of your interaction, by filling in forms on the Platforms or by corresponding with us by phone, e-mail or otherwise.
8.2. Automated technologies or interactions: When you interact with our website or digital platforms, we may automatically collect Technical Data about your equipment, browsing patterns, and usage behaviour through cookies, analytics tools, and other tracking technologies. For further details, please refer to our Cookie Policy.
8.3. Third parties and public sources: This is information we receive about you if you use any of the other sites we operate or the other services we provide. We may work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
8.4. Where services are delivered to corporate clients, we may receive limited Personal Data of their employees, guests, or representatives for operational purposes. In such cases, the corporate client is responsible for ensuring that all necessary consents and notices are in place prior to sharing such information.
9. CONSENT MANAGEMENT
9.1. Where consent forms the legal basis for processing your data, you may withdraw it at any time by contacting us. Withdrawal of consent does not affect the processing lawfully carried out prior to such withdrawal.
10. MARKETING AND COMMUNICATIONS
10.1. If you subscribe to our mailing list or opt-in for marketing communications, we may send you updates about our venues, offers, and upcoming events. You may unsubscribe at any time by following the “unsubscribe” link provided in our emails or contacting us directly. We may, on occasion, share communications on behalf of trusted partners, however, your data will never be sold for third-party marketing.
11. GEOGRAPHICAL SCOPE
11.1. CC serves a wide array of clients across local and international territories. While our operational headquarters is located in Abu Dhabi, UAE, we regularly interact with clients, exhibitors, and partners throughout the GCC, Levant, North Africa, South Asia, Europe, and other global regions. Accordingly, we maintain robust data protection controls that adhere to the highest regional and international standards for privacy compliance.
12. DATA SHARING AND THIRD-PARTY PROCESSORS
12.1. We may share your data with trusted partners and service providers to facilitate operations. This includes ADNEC Group entities, event organizers, IT and cloud providers, payment gateways, logistics companies, and professional advisors. Each third party is bound by strict confidentiality and data protection agreements, ensuring compliance with UAE law.
12.2. You acknowledge, confirm, and expressly consent that we may disclose your personal data if this is
required by law, or if we determine in good faith that such disclosure is required in order:
a. to comply with any pending judicial inquiry, judicial order or litigation pertaining to the Platforms;
b. to compel observance of the general terms and conditions of CC;
c. to respond to claims against us regarding personal data that violate any rights of third parties;
d. to safeguard the rights, property and safety of CC, its employees, users and the general public.
12.3. We may disclose your personal data to competent police or judicial authorities or other official government
authorities if we deem this useful or necessary, in our sole discretion, for the investigation of fraud, intellectual property infringement or any other harmful activity, or if we reasonably suspect that such activity may expose us or you to any liability.
13. AUTOMATED PROCESSING AND PROFILING
13.1. We may use rule-based or automated tools to allocate services, schedule deliveries, or personalize offers. Such automated processing is designed to enhance service efficiency and personalization without compromising fairness or privacy and does not produce legal effects or significantly impact you and is always subject to human oversight.
14. DATA ACCURACY
14.1. You are responsible for ensuring that any personal data you provide is accurate, complete, and up to date. CC shall not be liable for any loss arising from reliance on inaccurate or outdated information supplied by you or a third party acting on your behalf. You may request corrections or updates to your Personal Data at any time through the contact channels provided in this Policy.
15. DATA RETENTION
15.1. We retain personal data for the duration necessary to fulfill our contractual or legal obligations. This typically includes seven to ten years for accounting and compliance purposes, and for a reasonable period thereafter to manage inquiries, claims, or post-service engagement.
15.2. As a general guideline, retention may extend between seven (7) to ten (10) years for statutory and audit purposes, and for a reasonable period thereafter to manage queries, complaints, or potential disputes. Data is securely deleted or anonymized once no longer required.
15.3. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
15.4. In alignment with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), the EU General Data Protection Regulation (GDPR), and ADNEC Group’s Data Protection Policy (Section 4.7 – Storage Limitation), personal data shall only be retained for as long as necessary to fulfil the purpose for which it was collected.
15.5. As a best practice:
a. Customer and delivery data (e.g., names, contact numbers, delivery addresses) – retained for up to twelve
(12) months after the last completed order, unless longer retention is required for legitimate business or legal reasons;
b. Transaction and financial records – retained for seven (7) to ten (10) years in accordance with UAE commercial and accounting regulations;
c. Cookies and analytics data – retained for a maximum of thirty (30) days, unless anonymised for statistical or performance purposes;
d. Corporate client data processed as a Data Processor – retained in line with the client’s own retention policy and the applicable Data Processing Agreement (DPA);
e. Archived data related to ongoing disputes or regulatory investigations – retained only for the duration of the matter, then securely deleted or anonymised;
15.6. Once personal data is no longer required, it will be securely deleted or anonymised in line with ADNEC Group’s cybersecurity and data disposal standards.
16. DATA SECURITY AND STORAGE
16.1. We employ robust organizational, technical, and administrative controls to ensure confidentiality and integrity of data, including encryption, multi-factor authentication, controlled access, and ongoing cybersecurity monitoring.
16.2. While CC employs industry-leading safeguards, no internet-based or electronic system can be guaranteed as completely secure. Accordingly, CC disclaims liability for unauthorised or unintended access, use, or disclosure that occurs due to factors beyond its reasonable control, such as cyberattacks, system interruptions, or force majeure events.
16.3. Protecting your own information is equally important. To enhance your security online, you are advised to remain vigilant against “phishing” or impersonation attempts, verify the authenticity of communications claiming to be from CC before clicking on links or providing information and access our services only via official websites and trusted channels.
17. COOPERATION WITH AUTHORITIES
17.1. CC may disclose Personal Data to competent governmental, regulatory, supervisory, or judicial authorities where such disclosure is required by applicable law, regulation, court order, or official request. CC will cooperate in good faith with data protection authorities and other competent agencies to ensure lawful and transparent processing of Personal Data.
18. INTERNATIONAL TRANSFERS
18.1. Certain service providers, partners, or storage systems engaged by CC may process or store Personal Data in jurisdictions outside the UAE or your country of residence. By using our services or providing your Personal Data, you acknowledge and consent that your information may be transferred to and processed in such jurisdictions, which may have data protection laws differing from those of your home country.
18.2. We only make these transfers where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that personal data handled in other countries will receive at least the same level of protection as it is given in your home country.
18.3. Transfers will be protected by appropriate safeguards, namely the use of standard data protection clauses, a copy of which can be obtained from our legal team.
18.4. In the event your personal data is transferred to a foreign jurisdiction, it may be subject to the laws of that jurisdiction and we may be required to disclose it to the courts, law enforcement or governmental authorities in those jurisdictions but we will only do so where required by applicable laws.
19. DATA SUBJECT RIGHTS
19.1. Under the UAE PDPL, you have the right to:
a. the right to access and obtain information – to request confirmation as to whether CC holds personal data
relating to you and to obtain a copy thereof;
b. the right to rectification – to correct or update inaccurate or incomplete personal data;
c. the right to erasure – to request deletion of your personal data where it is no longer required for its original purpose or where consent has been withdrawn;
d. the right to restrict processing – to request suspension of data processing in certain circumstances;
e. the right to object to processing – to object to processing based on legitimate interests or direct marketing purpose;
f. the right to data portability – to request transfer of your data to another controller in a structured, commonly used, and machine-readable format;
g. the right to complain to the UAE Data Office – to submit a complaint before the UAE Data Office if you
believe your rights under the PDPL have been infringed; and
h. the right to withdraw consent – to withdraw your consent at any time where processing is based on consent.
19.2. Requests may be submitted via ithelpdesk@capitalcatering.ae and CC may verify your identity before acting. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
19.3. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
19.4. We endeavour to respond to all legitimate requests within one month. of receipt. Where requests are complex or numerous, this period may be extended by a further two (2) months, with prior notification to you of the reason for delay.
20. LIMITATION OF LIABILITY
20.1. While CC implements comprehensive administrative, technical, and organizational measures to ensure data protection, CC shall not be liable for:
a. the data protection practices of third-party websites, applications, or services linked through CC’s Platforms;
b. unauthorized access, interception, or use of your personal data arising from factors beyond CC’s reasonable control; or
c. any indirect, consequential, or incidental loss arising from your reliance on or use of third-party services.
20.2. Your use of third-party websites or platforms accessed through CC’s digital channels is at your sole risk, and such third parties’ respective privacy statements shall apply.
21. POLICY UPDATES
21.1. This Privacy Policy may be updated from time to time to reflect changes in our practices, technology, legal obligations, or service offerings. Any amendments will be published on our website with an updated “Last Updated” date. Where required, we will notify you of significant changes and seek renewed consent.
22. CONTACT US
22.1. If you have any questions or concerns about this Privacy Policy or the handling of your personal data, you may contact us at cybersecurity@modon.com