GDPR Compliance Statement

Last updated: January 15, 2026

1. Introduction

Maw3ad Business ("we," "our," or "us") is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Statement explains how we protect the personal data of individuals located in the European Economic Area (EEA) and United Kingdom (UK).

This statement should be read alongside our Privacy Policy, which provides detailed information about our data processing practices.

2. Legal Basis for Processing

Under GDPR, we process personal data based on the following legal bases:

  • Consent: When you have given clear consent for specific processing activities
  • Contract: When processing is necessary for the performance of a contract with you
  • Legal Obligation: When processing is required to comply with legal obligations
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided they do not override your rights and freedoms
  • Vital Interests: When processing is necessary to protect someone's life
  • Public Task: When processing is necessary for the performance of a task carried out in the public interest

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

3.1 Right of Access

You have the right to obtain confirmation as to whether we process your personal data and to access that data, along with information about how it is being used.

3.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

3.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

3.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month (this may be extended by two months for complex requests).

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

5. Data Processing Principles

We adhere to the following GDPR principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
  • Data Minimization: We only collect data that is adequate, relevant, and necessary
  • Accuracy: We keep data accurate and up to date
  • Storage Limitation: We retain data only for as long as necessary
  • Integrity and Confidentiality: We implement appropriate security measures
  • Accountability: We are responsible for demonstrating compliance

6. Data Transfers

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms under GDPR

We will inform you if we transfer your data outside the EEA/UK and what safeguards are in place.

7. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

Email: support@maw3ad.com
Address: Beirut, Lebanon

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

We will also notify the relevant supervisory authority within 72 hours if the breach is likely to result in a risk to your rights and freedoms.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:

  • The purpose for which the data was collected
  • Legal and regulatory requirements
  • The nature of the data
  • Potential risks of harm from unauthorized use or disclosure

10. Third-Party Processors

We use third-party service providers (data processors) to help us operate our Service. We ensure that all processors:

  • Are bound by contractual obligations to protect your data
  • Implement appropriate technical and organizational measures
  • Only process data in accordance with our instructions
  • Comply with GDPR requirements

We maintain a record of all processors and their processing activities.

11. Children's Data

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information immediately.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

12. Supervisory Authority

If you are located in the EEA or UK and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority. You can find your local authority at:

European Data Protection Board

13. Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated statement on this page and updating the "Last updated" date.

14. Contact Us

For any questions, concerns, or requests regarding GDPR compliance or your data protection rights, please contact us at:

Email: support@maw3ad.com
Data Protection Officer: support@maw3ad.com
Address: Beirut, Lebanon