Skip to main content
Request Quote
info@costadevices.com+971 4 501 8125

Home / Privacy

Privacy Policy

Last updated: April 2026

1. Scope and Consent

This Privacy Policy applies to all personal data collected by Costa Devices FZCO ('we', 'us', 'our') globally, including through our website, RFQ portal, and direct communications. By utilizing our B2B procurement platform, you consent to the data practices described herein. We operate in compliance with the UAE Data Protection Law, GDPR (EU), and applicable global frameworks.

2. Information We Collect

As a B2B distributor, we collect professional data necessary for fulfilling commercial transactions. This includes: Identity Data (Name, Title, Company), Contact Data (Corporate Email, Phone, HQ Address), Technical Data (IP addresses, browser type, cookies), and Transactional Data (BOM lists, RFQ history, shipping requirements).

3. Lawful Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), our lawful basis for processing your data under the GDPR is typically Contractual Necessity (to process your RFQs and fulfill orders) or Legitimate Interests (to improve our enterprise services and prevent fraud). We do not engage in automated decision-making or profiling.

4. International Data Transfers

As a global entity headquartered in Dubai Silicon Oasis, UAE, with hubs in Hong Kong and India, your data may be transferred internationally. We utilize Standard Contractual Clauses (SCCs) and enterprise-grade encryption (AES-256) to ensure your data maintains EU-equivalent protection regardless of where our servers are physically located.

5. Data Retention Period

We retain B2B commercial data, including RFQs and compliance certificates, for a minimum of 7 years to comply with AS 9120B aerospace traceability requirements and international tax regulations. Marketing data is retained until you opt-out.

6. Your Enterprise Data Rights

You retain the right to: Request access to your data, request correction of inaccurate records, request erasure ('Right to be Forgotten'), object to processing, and request data portability. To exercise these rights, submit a formal request to our Data Protection Officer.

7. Contact Our Data Protection Officer (DPO)

For legal inquiries, GDPR data subject access requests, or privacy concerns, please contact our Legal/Compliance team at privacy@costadevices.com or via registered mail to our Dubai Silicon Oasis Headquarters.