This privacy policy sets out how Cendale Documents Clearing Services FZCO, as the operator of tenantscreen.ae, handles personal data in connection with use of the site. The policy is written for the Phase 1 reference posture of the site, in which the site is a publisher of reference content and does not offer screening services. The policy will be revised at the point of any future change in the site’s scope of activity. The applicable law is Federal Decree-Law No. 45 of 2021 concerning the Protection of Personal Data.
Controller
The controller for the purposes of personal data processed in connection with this site is Cendale Documents Clearing Services FZCO, Trade Licence 78065 issued by the Dubai Silicon Oasis Authority, with offices at Suite 2604, Aspect Tower, Business Bay, Dubai. Correspondence about personal data matters is directed through the contact channel on cendale.ae, marked for the attention of the data protection point of contact.
What personal data the site collects
The site, in its present phase, collects only the personal data necessary for the site to function and to be operated responsibly. The categories are limited and are identified below. The site does not, in this phase, collect data submitted by users for screening purposes; the architecture for such collection is not present on the site, and a user who attempts to submit personal data through any channel of the site is not understood to have done so.
Web analytics
The site uses standard web analytics tools to understand how visitors arrive at the site, which pages they read, and how they navigate the content. The data collected includes the user’s IP address (in truncated form where the analytics provider supports truncation), the user’s device and browser type, the pages visited, the times of visits, and the referring source where one is identifiable. The data is processed for the purpose of understanding site usage and improving the site’s editorial coverage.
Cookies
The site uses cookies for the purposes identified below: a session cookie that supports the site’s technical operation; analytics cookies that support the web analytics described above; and where applicable, a preference cookie that retains the user’s acknowledgement of the site’s cookie notice. The site does not use advertising cookies, retargeting cookies, or cookies that aggregate the user’s activity across other sites for commercial purposes. A detailed list of the specific cookies in use is available on request through the contact channel above.
Correspondence
Where a user contacts the operator through the contact channels published on cendale.ae, the operator processes the contact details and the content of the correspondence for the purpose of responding to it. This data is retained for as long as is necessary to address the matter raised and for a reasonable period thereafter for record-keeping; it is not used for any unrelated purpose.
Lawful basis for processing
The processing of personal data described above rests on the following lawful bases under Federal Decree-Law No. 45 of 2021.
Web analytics and technical cookies
Processed on the basis of the operator’s legitimate interest in understanding how the site is used and ensuring it functions correctly. The processing is limited to the minimum necessary for these purposes, the data is held in aggregated or pseudonymised form where the analytics provider permits, and the processing does not affect users’ rights or freedoms in any material way.
Correspondence
Processed on the basis of the operator’s legitimate interest in responding to inquiries received, and on the basis of the implied consent of a user who initiates contact for the purpose of being responded to.
Preference cookies
Processed on the basis of the user’s consent given through the site’s cookie notice.
Retention
Personal data is retained only for as long as the purpose of processing requires.
Web analytics data is retained for a period not exceeding twenty-six months from collection, in aggregated form where the analytics provider supports aggregation. Data older than this period is removed from active analytics systems.
Correspondence is retained for as long as the matter raised is being addressed and for a period of thirty-six months thereafter for record-keeping. Correspondence that gives rise to ongoing matters is retained for the duration of those matters.
Technical and session cookies are retained for the duration of the session or, where they support functionality across sessions, for a period not exceeding twelve months. Preference cookies are retained until the user clears them or until twelve months from their setting, whichever is sooner.
Disclosure
The operator does not sell personal data. The operator does not share personal data with third parties for marketing purposes.
Personal data may be processed by third party service providers acting on the operator’s behalf, including the analytics provider, the website hosting provider, and the email service provider through which correspondence is handled. These providers process the data only on the operator’s instructions and subject to contractual obligations consistent with Federal Decree-Law No. 45 of 2021.
Personal data may be disclosed where required by law, by a court of competent jurisdiction, or by a regulator with authority over the operator’s activities. Where such a disclosure is required, the operator considers the request carefully and discloses only what is required and proper.
Cross-border transfers
Some of the third party service providers identified above may process personal data in locations outside the United Arab Emirates. Where such transfers occur, they are made in accordance with the requirements of Federal Decree-Law No. 45 of 2021 for cross-border transfers of personal data: to recipient jurisdictions with an adequate level of protection, or under contractual safeguards that provide a comparable level of protection, or on a lawful basis identified in the law.
Security
The operator takes reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include access controls, encrypted connections to the site, encrypted storage where appropriate, regular security review, and the use of service providers that themselves maintain appropriate security standards. No security measures eliminate the residual risk of unauthorised access; the operator commits to addressing any breach promptly and to notifying affected parties and regulators where the law requires it.
Rights of the data subject
Under Federal Decree-Law No. 45 of 2021, a person whose personal data is processed by the operator has the following rights, which the operator honours.
The right to be informed
To be told what personal data is processed, for what purposes, and on what lawful basis. This policy is the primary written articulation of that information; further detail is provided on request.
The right of access
To request a copy of the personal data the operator holds about them, in a form that is intelligible and that identifies the categories, sources, and purposes of processing.
The right of correction
To request correction of personal data that is inaccurate, incomplete, or out of date.
The right of erasure
To request that personal data be deleted where the law permits, including where the data is no longer needed for the purposes for which it was collected, where the user withdraws consent that was the lawful basis for processing, or where the data has been unlawfully processed.
The right to object
To object to processing that rests on the operator’s legitimate interest, on grounds relating to the user’s particular situation.
The right to restrict processing
To request restriction of processing where the accuracy of data is contested, where processing is unlawful but the user prefers restriction to erasure, or in other circumstances permitted by the law.
The right to data portability
Where personal data has been provided by the user to the operator and is processed on the basis of consent or contract and by automated means, to receive that data in a structured, commonly used, machine-readable format and to transmit it to another controller.
The right to lodge a complaint
To raise a complaint with the operator directly and, if the complaint is not resolved satisfactorily, to escalate to the UAE Data Office or another competent supervisory authority.
Exercising rights
To exercise any of the rights above, a user may contact the operator through the channels published on cendale.ae, marking the correspondence for the attention of the data protection point of contact. The operator responds within the period the law specifies and without charge in ordinary circumstances. Where a request is manifestly unfounded or excessive, the operator may charge a reasonable fee or decline to act, in accordance with the law.
Children
The site is not directed at children. The operator does not knowingly collect personal data from children. Where the operator becomes aware that personal data of a child has been collected, the data is deleted promptly.
Changes to this policy
This policy may be updated from time to time, including at the point of any change in the scope of the site’s activity. The date of the most recent update appears at the foot of this page. Material changes are reflected in the site’s standard editorial review; users are not separately notified of changes.
Last updated
This policy was last updated in May 2026.
Contact for data protection matters
Correspondence on data protection matters is directed through the contact channel on cendale.ae, marked for the attention of the data protection point of contact. Cendale Documents Clearing Services FZCO. Suite 2604, Aspect Tower, Business Bay, Dubai. Telephone +971 4 548 3201.