1.1 Scope, Roles and Regulatory Context
This Privacy Policy applies to all personal data processed by Global Workforce through GlobalWorkforce.cloud, associated applications, uploaded forms, messaging channels, portals, payment workflows, internal dashboards and related support systems. Depending on the transaction structure, the Company may act as a controller, processor, intermediary processor, data coordinator or introducer with respect to particular data sets. The User acknowledges that the Platform operates in a cross-border recruitment environment in which employers, agencies, manpower suppliers, embassies and authorities may independently determine how data submitted by a User is subsequently used once lawfully shared for processing or verification purposes.
The Company intends to operate its data handling practices with regard to the UAE legal framework concerning personal data protection and electronic transactions, including the official UAE references concerning Federal Decree-Law No. 45 of 2021 regarding the protection of personal data and Federal Decree-Law No. 46 of 2021 concerning electronic transactions and trust services. Nothing in this Privacy Policy shall be interpreted as limiting any lawful disclosure, retention or processing required for legal compliance, fraud prevention, contract performance, dispute management, regulatory response, evidence preservation or the protection of the Company's rights, staff, systems or commercial operations.
1.2 Categories of Personal Data Collected
The Company may collect identity data, contact data, account credentials, passport details, national identity card information, visa-related information, residence details, education records, professional history, employment references, photographs, white-background images, police clearance certificates, medical or fitness-related submission records, interview scheduling data, job-preference data, payment records, receipts, communications content, device information, IP addresses, user-agent strings, activity logs and other profile information relevant to recruitment or immigration processing. Where a User uploads information about family members, emergency contacts, referees, corporate representatives or witness contacts, the User represents that such disclosure is lawful and appropriately authorized.
The Company may also generate derived data, including workflow status, risk flags, document verification notes, duplicate detection outputs, audit references, internal operational comments, route suitability assessments, payment reconciliation data and acceptance logs showing policy versions, timestamps and device indicators. These derived records are part of the Platform's compliance and evidence architecture and may be retained even if an original submission is withdrawn, rejected or later amended. Users should therefore avoid submitting excess information beyond what is reasonably requested, while understanding that the Company may require extensive documentation in order to route a matter to employers, agencies, embassies or authorities.
1.3 Lawful Use of Personal Data
The Company may use personal data to create and maintain user accounts, verify identity, organize candidate profiles, assess documentation completeness, coordinate with manpower suppliers and employers, transmit profiles for review, schedule interviews, prepare embassy-facing submissions, answer user inquiries, manage payments, investigate complaints, prevent fraud, protect system integrity, enforce contractual rights, maintain audit trails and comply with legal or regulatory obligations. The Company may also use personal data to improve workflow efficiency, refine document requirements, detect duplicate or suspicious activity, and maintain consistent service records across applicant, employer, agency and administrative channels.
The User understands that the Company's processing is tied to an operational service environment and that refusal to provide certain data may render the Company unable to create a profile, route an application, verify documents, continue a process, or address a complaint. The Company does not undertake to separate data into artificial silos where operational efficiency or evidence preservation requires integrated records. However, the Company will seek to restrict access internally on a role-based basis and will structure visibility rules so that agencies, manpower suppliers and applicants receive only the data that the Company elects to share for the applicable workflow or contractual purpose.
1.4 Data Sharing with Employers, Agencies, Embassies and Authorities
The User expressly authorizes the Company to share personal data and documents, in whole or in part, with employers, manpower suppliers, agencies, recruitment counterparts, subcontractors, support providers, visa processing consultants, document verification providers, courier providers, payment processors, hosting providers, embassies, consulates, labor authorities, immigration offices, police authorities, medical centers or other persons or institutions that the Company reasonably considers relevant to the handling, submission, review, verification or escalation of the matter. Such disclosure may include sensitive personal documents where required by the destination country, employer, route requirement or legal obligation.
Once information has been lawfully transmitted to a third party for recruitment or visa processing, the Company cannot control that recipient's independent retention periods, review procedures, internal policies, cross-border transfers or legal obligations. The User therefore acknowledges that the Company is not liable for delays, decisions, secondary processing, document requests, internal employer reviews, embassy requirements or governmental retention practices that arise after disclosure. Where legally or operationally necessary, the Company may also disclose records without further notice in response to court orders, law enforcement requests, regulatory inquiries, sanctions screening, anti-fraud checks, cybersecurity incidents or claims affecting the Company's rights or defenses.
1.5 Cross-Border Transfers and International Processing
Because the Platform coordinates international recruitment and visa activities, personal data may be processed in or accessed from multiple jurisdictions, including jurisdictions that do not provide the same level of statutory data protection as the country in which the User originally supplied the information. By using the Platform, the User expressly consents to such cross-border transfers and acknowledges that international routing is intrinsic to the service model. The Company may use cloud hosting, communication systems, storage providers, support tools and operational vendors that process information in geographically distributed environments.
The Company will seek to use commercially reasonable safeguards appropriate to the nature of the processing, but it does not warrant that every destination country, receiving institution or external participant will apply identical legal standards, security arrangements or user-rights mechanisms. The User accepts that certain disclosures are necessary to pursue overseas employment, interview scheduling, document review or visa-related processing and that refusing international transfer may make the requested service impossible to perform. Where local law requires additional transfer safeguards, the Company may implement them at its discretion without assuming broader liability for the receiving party's independent conduct.
1.6 Data Retention, Audit Trails and Security Limitations
The Company retains personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including active processing, re-submission handling, dispute resolution, audit defense, fraud monitoring, payment reconciliation, evidence preservation, legal compliance and operational continuity. Even where a process is rejected, closed, delayed or terminated, the Company may retain account details, communications, uploaded records, device identifiers, policy acceptance logs and audit data for a longer period where such retention is prudent or necessary to protect the Company against claims, regulatory requests, chargebacks, impersonation, repeated abuse or later evidentiary needs.
The Company maintains technical and organizational measures intended to reduce unauthorized access, misuse or loss. Nevertheless, no system, network, cloud environment, file-transfer method, device environment or internet-based transmission channel is completely secure, and the Company does not warrant absolute confidentiality, perfect availability or immunity from cyberattack, credential theft, service interruption, unlawful access, data corruption or human error. Users are responsible for maintaining secure devices, limiting account sharing, using accurate contact details and promptly notifying the Company of suspected compromise. To the fullest extent permitted by law, the Company disclaims liability for unauthorized access events not caused by its proven willful misconduct.
1.7 User Rights, Corrections and Limitations on Deletion Requests
Subject to applicable law, a User may request access to certain personal data held by the Company, request correction of inaccurate information, or request that specific records be updated where they are incomplete or materially misleading. The Company may require identity verification before acting on any request and may refuse, delay or limit a request where compliance would prejudice fraud prevention, compromise another person's privacy, interfere with contractual obligations, undermine evidence preservation, conflict with legal duties, affect ongoing processing, or create disproportionate operational burden relative to the nature of the request.
Requests for erasure or restriction shall be considered in light of the Company’s legitimate need to maintain records relating to payments, policy acceptance, disputes, chargebacks, document history, security events, employment routing, employer instructions and legal compliance. Because recruitment and visa processing may depend upon preserving a stable historical record, the Company is not obliged to delete data merely because a User changes intention, withdraws from a process or disputes an external outcome. A request may therefore result in limited suppression, archival restriction or profile closure rather than full erasure. The Company may also preserve immutable audit entries showing that a user interacted with the Platform and accepted controlling policies.
1.8 Policy Changes and Contact Concerning Privacy Matters
The Company may update this Privacy Policy from time to time to reflect legal developments, regulatory guidance, operational changes, product evolution, security requirements, new service lines or revised data-sharing arrangements. The latest version published on the Platform shall apply from its stated effective date, and continued use of the Platform after publication shall constitute acknowledgment of the revised text. Where the Company considers an update material, it may request renewed acceptance through a checkbox, portal banner, email notice or account prompt, and the User agrees that such electronic acceptance shall be binding.
Privacy-related questions, correction requests and notices may be submitted through the Company's official communication channels published on the Platform. The Company may require requests to be made in writing and may ask for supporting documents before acting on them. Nothing in this Privacy Policy creates a private fiduciary obligation, heightened duty of care or guaranteed response timeline beyond what the Company elects to provide. This Policy must be read together with the Terms and Conditions, Service Policy, Refund Policy and Legal Disclaimer, all of which form part of the contractual framework governing the User's relationship with the Platform.