WADY LLC
GLOBAL PRIVACY POLICY
Effective Date: 1/1/2020
Last Updated: 11/4/2026
1. Introduction
Wady LLC (“Wady”, “we”, “our”, “us”), a company established under the laws of the Qatar Financial Centre (QFC), Registration Number: 03228, is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect your Personal Data.
This Policy applies to our corporate clients (“Clients”), the authorized individuals aged 18 and over (“Users”) who use our B2B digital services (“Services”), and all visitors to our website. It covers data collected through our website, platform, and applications (collectively, the “Platform”). “User” includes any individual using the Platform, whether as a Buyer or as a Supplier.
Our data processing activities are primarily governed by the QFC Data Protection Regulations 2021. We also adhere to the State of Qatar’s Personal Data Protection Law No. 13 of 2016 (PDPPL) and other applicable international regulations such as the General Data Protection Regulation (GDPR) where our Services are offered to individuals in those regions.
2. Our Role: Data Controller vs. Data Processor
For “User Data” (e.g., account registration information, business contact details), Wady acts as a Data Controller, meaning we determine the purposes and means of processing.
For “Client Data” (information our Clients upload to the Services for their own business purposes), Wady acts as a Data Processor on behalf of the Client.
This Policy primarily concerns our activities as a Data Controller. Our obligations as a Data Processor are defined in our Data Processing Addendum with our Clients.
3. Information We Collect
We adhere to the principle of data minimization, collecting only the Personal Data that is necessary to provide our Services, operate our business, and comply with our legal obligations. We collect information in three ways:
3.1 Information You Provide to Us
When you create an account, set up your business profile, add team members, or use our Services, you may provide us with the following categories of information:
Data Category
Examples
Why We Collect It (Legal Basis)
Account & Identity Data
Full name, phone number, email address, account credentials, account type
To create and manage your account, verify your identity, and provide the Services. (Performance of a Contract)
Business & Organization Data
Business name, commercial registration number, business address and location details, brand information
To onboard your business, manage your organization structure, and facilitate ordering between Buyers and Suppliers. (Performance of a Contract)
Team Member Data
Names, phone numbers, and assigned roles of team members added by account administrators
To enable multi-user access and role-based permissions within your organization’s account. (Performance of a Contract; Legitimate Interest)
Order & Transaction Data
Product selections, quantities, order dates, delivery preferences, order status, and related purchase documentation
To facilitate order placement, management, and fulfillment between Buyers and Suppliers. (Performance of a Contract)
Contact & Coordination Data
Delivery recipient names, phone numbers, and email addresses provided for order coordination purposes
To enable communication and coordination between Buyers and Suppliers regarding order fulfillment. (Performance of a Contract)
Communications Data
Messages, files, and attachments sent through the Platform’s messaging features; support tickets and feedback
To enable in-platform communication between Users and to provide customer support. (Performance of a Contract; Legitimate Interest)
Uploaded Content
Photos, documents, logos, and other files you upload to the Platform
To support order verification, dispute resolution, and business profile customization. (Performance of a Contract; Legitimate Interest)
3.2 Information We Collect Automatically
When you use our Platform, we automatically collect certain technical information:
Data Category
Examples
Why We Collect It (Legal Basis)
Device & Technical Data
Device type, operating system, app version, browser type, IP address, login timestamps, session data
To secure the Platform, diagnose technical issues, and improve performance. (Legitimate Interest)
Usage Data
Pages visited, features used, interaction patterns, and time spent on the Platform
To understand how Users interact with the Platform and improve the user experience. (Legitimate Interest)
Location Data
Approximate location derived from IP address
To provide localized content and detect suspicious login activity. (Legitimate Interest)
3.3 Information We Derive
We may generate derived or aggregated data from your use of the Platform, such as spending summaries, order trends, and usage analytics. This derived data is used to provide you with insights within the Platform and to improve our Services. Where this data is aggregated and anonymized so that it can no longer identify any individual, it is not subject to this Privacy Policy.
Important Clarifications:
We do not collect “Special Categories” of personal data (e.g., health, race, religion, political opinions, biometric or genetic data) as defined by the QFC Data Protection Regulations 2021 and GDPR.
We do not collect, process, or store any payment card data, bank account details, or financial payment information. Wady does not operate a payment gateway and does not process payments of any kind. All payment arrangements between Buyers and Suppliers are handled exclusively between those parties.
4. Information About Third Parties
When account administrators add team members or order recipients to the Platform, they provide personal data about those individuals (such as names and phone numbers). If you add another individual’s information to the Platform, you represent and warrant that you have obtained the necessary consent or authorization to share that individual’s personal data with Wady, and that you have informed them of this Privacy Policy.
In accordance with Article 15 of the QFC Data Protection Regulations 2021, where we hold personal data about individuals who did not provide it to us directly, those individuals have the same data protection rights as set out in Section 9 of this Policy and may contact us at wecare@thewady.com to exercise those rights.
5. Cookies and Similar Technologies
Strictly Necessary Cookies: Essential for the Platform to function properly, including security, account authentication, and session management. These do not require your consent.
Analytics and Performance Cookies: Help us understand how Users interact with the Platform to improve performance and user experience. We will only use these cookies with your explicit, prior consent.
You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Disabling certain cookies may affect the functionality of the Platform.
6. How We Use Your Information
We use your Personal Data for the following purposes:
(a) To provide, operate, and maintain the Platform and Services;
(b) To create and manage your account and your organization’s profile;
(c) To facilitate ordering and communication between Buyers and Suppliers;
(d) To provide customer support and respond to your inquiries;
(e) To send you essential service-related communications (order confirmations, account notifications);
(f) To send you marketing communications, where you have provided separate consent;
(g) To improve, personalize, and develop new features for the Platform;
(h) To ensure the security and integrity of the Platform, including fraud detection;
(i) To generate aggregated analytics and business insights;
(j) To comply with our legal and regulatory obligations.
7. How We Share Your Information
We do not sell your Personal Data. We only share your data in the following circumstances:
With Other Users of the Platform: We share necessary business contact details, order information, and catalog data between Buyers and Suppliers to facilitate the core ordering function of the Service.
With Service Providers: We engage third-party service providers for infrastructure hosting, operational support, and analytics. All service providers are contractually bound to process data only on our instructions and to implement appropriate security measures.
With Legal & Regulatory Authorities: We may disclose your data if required by law or a binding order from a court or competent authority, including the QFC Data Protection Office, the QFC Regulatory Authority, or any other authority with jurisdiction.
In a Business Transaction: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the new entity under equivalent confidentiality obligations. We will notify you of any such transfer.
8. International Data Transfers
Your Personal Data is primarily stored and processed on servers located in the European Union, which is on the QFC Data Protection Office’s list of adequate jurisdictions. Transfers to adequate jurisdictions do not require additional safeguards under Article 23 of the QFC Data Protection Regulations 2021.
Where we need to transfer data to jurisdictions not on the QFC’s adequate jurisdictions list, we ensure your data is protected by implementing legally approved safeguards, such as the QFC’s Standard Contractual Clauses (SCCs), in accordance with Article 24 of the Regulations.
9. Data Security
We have implemented robust technical and organizational security measures to protect your Personal Data, in accordance with Article 29 of the QFC Data Protection Regulations 2021. These include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection obligations.
No system is impenetrable, and we cannot guarantee absolute security. In the event of a security incident, we will follow the breach notification procedures set out in Section 13 of this Policy.
10. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected. The following retention periods apply:
Active Account Data: Duration of the active business relationship plus two (2) years after account closure or last activity.
Order and Transaction Records: Seven (7) years from the date of the transaction, in accordance with Qatari commercial record-keeping requirements.
Technical and Usage Data: Ninety (90) days for security monitoring and troubleshooting, after which data is deleted or anonymized.
Marketing Consent Records: Duration of active consent plus three (3) years after withdrawal, to demonstrate compliance.
Communications and Support Data: Three (3) years after resolution of the inquiry.
When data is no longer required, we securely delete or irreversibly anonymize it.
11. Your Data Protection Rights
Under the QFC Data Protection Regulations 2021 and other applicable laws, you have the following rights:
Right to Access (Article 16): Request a copy of the Personal Data we hold about you.
Right to Rectification (Article 17): Request correction of any inaccurate or incomplete data.
Right to Erasure (Article 18): Request deletion of your Personal Data, under certain conditions.
Right to Object (Article 19): Object to processing based on Legitimate Interest, including an absolute right to object to direct marketing at any time.
Right to Restrict Processing (Article 20): Request that we limit the use of your Personal Data.
Right to Data Portability (Article 21): Request your data in a structured, commonly used, machine-readable format.
Right Regarding Automated Decisions (Article 22): You have the right not to be subject to a decision based solely on automated processing where that decision would have a legal effect on you or otherwise significantly affect you. See Section 12 for details.
How to Exercise Your Rights: Contact our Data Protection Officer at wecare@thewady.com. We will respond within thirty (30) days. If your request is complex, we may extend this by a further sixty (60) days and will inform you of the extension and reasons within the initial thirty-day period.
If we decide not to act on your request, we will inform you of the reasons within thirty (30) days and of your right to lodge a complaint with the QFC Data Protection Office.
We do not charge a fee for processing data subject requests unless they are manifestly unfounded or excessive.
12. Automated Processing
We may use automated technologies, including artificial intelligence, to process and manage data within the Platform. These technologies may be used to improve the accuracy and efficiency of order management, provide business analytics, and enhance the overall user experience.
In accordance with Article 22 of the QFC Data Protection Regulations 2021, where automated processing may produce decisions that significantly affect your business operations, you have the right to:
(a) Request human intervention by a member of the Wady team;
(b) Express your point of view regarding the automated decision;
(c) Contest the outcome of any automated decision.
To exercise these rights, contact wecare@thewady.com. We will respond within thirty (30) days.
We may also generate aggregated, anonymized, or de-identified data from information processed through the Platform. Such data cannot identify any individual User and is not subject to this Privacy Policy.
13. Data Breach Notification
In the event of a Personal Data Breach, as defined by the QFC Data Protection Regulations 2021, Wady will:
(a) Notify the QFC Data Protection Office without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 31 of the Regulations;
(b) Notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights and legitimate interests, using clear and plain language describing the nature of the breach, its likely consequences, and the measures taken to address it;
(c) Document all breaches, including the facts, effects, and remedial actions taken, to enable the QFC Data Protection Office to verify compliance.
Where Wady acts as a Data Processor, we will notify the relevant Data Controller without undue delay after becoming aware of a breach affecting their data.
14. Children’s Privacy
Our Service is intended for use by business professionals aged 18 and over. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it.
15. Updates to This Policy
We may update this Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting a prominent notice on our Platform or by email at least thirty (30) days before the change takes effect. Your continued use of the Service after changes constitutes acceptance of the updated Policy.
16. Contact Us & Dispute Resolution
For any questions, concerns, or to exercise your data protection rights, please contact our Data Protection Officer:
Wady LLC
Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
Email: wecare@thewady.com
Phone: +974 7000 7658
As a QFC entity, our lead supervisory authority is the QFC Data Protection Office. If you are unsatisfied with our resolution of a data protection matter, you have the right to lodge a complaint with the QFC Data Protection Office in accordance with Article 34 of the QFC Data Protection Regulations 2021. The QFC Data Protection Office can be reached via www.qfc.qa/data-protection.
If you are based in the European Economic Area, you may also contact your local data protection authority.
© 2026 WADY LLC. All rights reserved.
Qatar Financial Centre • Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
wecare@thewady.com | +974 7000 7658
WADY LLC
GLOBAL PRIVACY POLICY
Effective Date: 1/1/2020
Last Updated: 11/4/2026
1. Introduction
Wady LLC (“Wady”, “we”, “our”, “us”), a company established under the laws of the Qatar Financial Centre (QFC), Registration Number: 03228, is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect your Personal Data.
This Policy applies to our corporate clients (“Clients”), the authorized individuals aged 18 and over (“Users”) who use our B2B digital services (“Services”), and all visitors to our website. It covers data collected through our website, platform, and applications (collectively, the “Platform”). “User” includes any individual using the Platform, whether as a Buyer or as a Supplier.
Our data processing activities are primarily governed by the QFC Data Protection Regulations 2021. We also adhere to the State of Qatar’s Personal Data Protection Law No. 13 of 2016 (PDPPL) and other applicable international regulations such as the General Data Protection Regulation (GDPR) where our Services are offered to individuals in those regions.
2. Our Role: Data Controller vs. Data Processor
For “User Data” (e.g., account registration information, business contact details), Wady acts as a Data Controller, meaning we determine the purposes and means of processing.
For “Client Data” (information our Clients upload to the Services for their own business purposes), Wady acts as a Data Processor on behalf of the Client.
This Policy primarily concerns our activities as a Data Controller. Our obligations as a Data Processor are defined in our Data Processing Addendum with our Clients.
3. Information We Collect
We adhere to the principle of data minimization, collecting only the Personal Data that is necessary to provide our Services, operate our business, and comply with our legal obligations. We collect information in three ways:
3.1 Information You Provide to Us
When you create an account, set up your business profile, add team members, or use our Services, you may provide us with the following categories of information:
Data Category
Examples
Why We Collect It (Legal Basis)
Account & Identity Data
Full name, phone number, email address, account credentials, account type
To create and manage your account, verify your identity, and provide the Services. (Performance of a Contract)
Business & Organization Data
Business name, commercial registration number, business address and location details, brand information
To onboard your business, manage your organization structure, and facilitate ordering between Buyers and Suppliers. (Performance of a Contract)
Team Member Data
Names, phone numbers, and assigned roles of team members added by account administrators
To enable multi-user access and role-based permissions within your organization’s account. (Performance of a Contract; Legitimate Interest)
Order & Transaction Data
Product selections, quantities, order dates, delivery preferences, order status, and related purchase documentation
To facilitate order placement, management, and fulfillment between Buyers and Suppliers. (Performance of a Contract)
Contact & Coordination Data
Delivery recipient names, phone numbers, and email addresses provided for order coordination purposes
To enable communication and coordination between Buyers and Suppliers regarding order fulfillment. (Performance of a Contract)
Communications Data
Messages, files, and attachments sent through the Platform’s messaging features; support tickets and feedback
To enable in-platform communication between Users and to provide customer support. (Performance of a Contract; Legitimate Interest)
Uploaded Content
Photos, documents, logos, and other files you upload to the Platform
To support order verification, dispute resolution, and business profile customization. (Performance of a Contract; Legitimate Interest)
3.2 Information We Collect Automatically
When you use our Platform, we automatically collect certain technical information:
Data Category
Examples
Why We Collect It (Legal Basis)
Device & Technical Data
Device type, operating system, app version, browser type, IP address, login timestamps, session data
To secure the Platform, diagnose technical issues, and improve performance. (Legitimate Interest)
Usage Data
Pages visited, features used, interaction patterns, and time spent on the Platform
To understand how Users interact with the Platform and improve the user experience. (Legitimate Interest)
Location Data
Approximate location derived from IP address
To provide localized content and detect suspicious login activity. (Legitimate Interest)
3.3 Information We Derive
We may generate derived or aggregated data from your use of the Platform, such as spending summaries, order trends, and usage analytics. This derived data is used to provide you with insights within the Platform and to improve our Services. Where this data is aggregated and anonymized so that it can no longer identify any individual, it is not subject to this Privacy Policy.
Important Clarifications:
We do not collect “Special Categories” of personal data (e.g., health, race, religion, political opinions, biometric or genetic data) as defined by the QFC Data Protection Regulations 2021 and GDPR.
We do not collect, process, or store any payment card data, bank account details, or financial payment information. Wady does not operate a payment gateway and does not process payments of any kind. All payment arrangements between Buyers and Suppliers are handled exclusively between those parties.
4. Information About Third Parties
When account administrators add team members or order recipients to the Platform, they provide personal data about those individuals (such as names and phone numbers). If you add another individual’s information to the Platform, you represent and warrant that you have obtained the necessary consent or authorization to share that individual’s personal data with Wady, and that you have informed them of this Privacy Policy.
In accordance with Article 15 of the QFC Data Protection Regulations 2021, where we hold personal data about individuals who did not provide it to us directly, those individuals have the same data protection rights as set out in Section 9 of this Policy and may contact us at wecare@thewady.com to exercise those rights.
5. Cookies and Similar Technologies
Strictly Necessary Cookies: Essential for the Platform to function properly, including security, account authentication, and session management. These do not require your consent.
Analytics and Performance Cookies: Help us understand how Users interact with the Platform to improve performance and user experience. We will only use these cookies with your explicit, prior consent.
You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Disabling certain cookies may affect the functionality of the Platform.
6. How We Use Your Information
We use your Personal Data for the following purposes:
(a) To provide, operate, and maintain the Platform and Services;
(b) To create and manage your account and your organization’s profile;
(c) To facilitate ordering and communication between Buyers and Suppliers;
(d) To provide customer support and respond to your inquiries;
(e) To send you essential service-related communications (order confirmations, account notifications);
(f) To send you marketing communications, where you have provided separate consent;
(g) To improve, personalize, and develop new features for the Platform;
(h) To ensure the security and integrity of the Platform, including fraud detection;
(i) To generate aggregated analytics and business insights;
(j) To comply with our legal and regulatory obligations.
7. How We Share Your Information
We do not sell your Personal Data. We only share your data in the following circumstances:
With Other Users of the Platform: We share necessary business contact details, order information, and catalog data between Buyers and Suppliers to facilitate the core ordering function of the Service.
With Service Providers: We engage third-party service providers for infrastructure hosting, operational support, and analytics. All service providers are contractually bound to process data only on our instructions and to implement appropriate security measures.
With Legal & Regulatory Authorities: We may disclose your data if required by law or a binding order from a court or competent authority, including the QFC Data Protection Office, the QFC Regulatory Authority, or any other authority with jurisdiction.
In a Business Transaction: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the new entity under equivalent confidentiality obligations. We will notify you of any such transfer.
8. International Data Transfers
Your Personal Data is primarily stored and processed on servers located in the European Union, which is on the QFC Data Protection Office’s list of adequate jurisdictions. Transfers to adequate jurisdictions do not require additional safeguards under Article 23 of the QFC Data Protection Regulations 2021.
Where we need to transfer data to jurisdictions not on the QFC’s adequate jurisdictions list, we ensure your data is protected by implementing legally approved safeguards, such as the QFC’s Standard Contractual Clauses (SCCs), in accordance with Article 24 of the Regulations.
9. Data Security
We have implemented robust technical and organizational security measures to protect your Personal Data, in accordance with Article 29 of the QFC Data Protection Regulations 2021. These include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection obligations.
No system is impenetrable, and we cannot guarantee absolute security. In the event of a security incident, we will follow the breach notification procedures set out in Section 13 of this Policy.
10. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected. The following retention periods apply:
Active Account Data: Duration of the active business relationship plus two (2) years after account closure or last activity.
Order and Transaction Records: Seven (7) years from the date of the transaction, in accordance with Qatari commercial record-keeping requirements.
Technical and Usage Data: Ninety (90) days for security monitoring and troubleshooting, after which data is deleted or anonymized.
Marketing Consent Records: Duration of active consent plus three (3) years after withdrawal, to demonstrate compliance.
Communications and Support Data: Three (3) years after resolution of the inquiry.
When data is no longer required, we securely delete or irreversibly anonymize it.
11. Your Data Protection Rights
Under the QFC Data Protection Regulations 2021 and other applicable laws, you have the following rights:
Right to Access (Article 16): Request a copy of the Personal Data we hold about you.
Right to Rectification (Article 17): Request correction of any inaccurate or incomplete data.
Right to Erasure (Article 18): Request deletion of your Personal Data, under certain conditions.
Right to Object (Article 19): Object to processing based on Legitimate Interest, including an absolute right to object to direct marketing at any time.
Right to Restrict Processing (Article 20): Request that we limit the use of your Personal Data.
Right to Data Portability (Article 21): Request your data in a structured, commonly used, machine-readable format.
Right Regarding Automated Decisions (Article 22): You have the right not to be subject to a decision based solely on automated processing where that decision would have a legal effect on you or otherwise significantly affect you. See Section 12 for details.
How to Exercise Your Rights: Contact our Data Protection Officer at wecare@thewady.com. We will respond within thirty (30) days. If your request is complex, we may extend this by a further sixty (60) days and will inform you of the extension and reasons within the initial thirty-day period.
If we decide not to act on your request, we will inform you of the reasons within thirty (30) days and of your right to lodge a complaint with the QFC Data Protection Office.
We do not charge a fee for processing data subject requests unless they are manifestly unfounded or excessive.
12. Automated Processing
We may use automated technologies, including artificial intelligence, to process and manage data within the Platform. These technologies may be used to improve the accuracy and efficiency of order management, provide business analytics, and enhance the overall user experience.
In accordance with Article 22 of the QFC Data Protection Regulations 2021, where automated processing may produce decisions that significantly affect your business operations, you have the right to:
(a) Request human intervention by a member of the Wady team;
(b) Express your point of view regarding the automated decision;
(c) Contest the outcome of any automated decision.
To exercise these rights, contact wecare@thewady.com. We will respond within thirty (30) days.
We may also generate aggregated, anonymized, or de-identified data from information processed through the Platform. Such data cannot identify any individual User and is not subject to this Privacy Policy.
13. Data Breach Notification
In the event of a Personal Data Breach, as defined by the QFC Data Protection Regulations 2021, Wady will:
(a) Notify the QFC Data Protection Office without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 31 of the Regulations;
(b) Notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights and legitimate interests, using clear and plain language describing the nature of the breach, its likely consequences, and the measures taken to address it;
(c) Document all breaches, including the facts, effects, and remedial actions taken, to enable the QFC Data Protection Office to verify compliance.
Where Wady acts as a Data Processor, we will notify the relevant Data Controller without undue delay after becoming aware of a breach affecting their data.
14. Children’s Privacy
Our Service is intended for use by business professionals aged 18 and over. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it.
15. Updates to This Policy
We may update this Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting a prominent notice on our Platform or by email at least thirty (30) days before the change takes effect. Your continued use of the Service after changes constitutes acceptance of the updated Policy.
16. Contact Us & Dispute Resolution
For any questions, concerns, or to exercise your data protection rights, please contact our Data Protection Officer:
Wady LLC
Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
Email: wecare@thewady.com
Phone: +974 7000 7658
As a QFC entity, our lead supervisory authority is the QFC Data Protection Office. If you are unsatisfied with our resolution of a data protection matter, you have the right to lodge a complaint with the QFC Data Protection Office in accordance with Article 34 of the QFC Data Protection Regulations 2021. The QFC Data Protection Office can be reached via www.qfc.qa/data-protection.
If you are based in the European Economic Area, you may also contact your local data protection authority.
© 2026 WADY LLC. All rights reserved.
Qatar Financial Centre • Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
wecare@thewady.com | +974 7000 7658
WADY LLC
GLOBAL PRIVACY POLICY
Effective Date: 1/1/2020
Last Updated: 11/4/2026
1. Introduction
Wady LLC (“Wady”, “we”, “our”, “us”), a company established under the laws of the Qatar Financial Centre (QFC), Registration Number: 03228, is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect your Personal Data.
This Policy applies to our corporate clients (“Clients”), the authorized individuals aged 18 and over (“Users”) who use our B2B digital services (“Services”), and all visitors to our website. It covers data collected through our website, platform, and applications (collectively, the “Platform”). “User” includes any individual using the Platform, whether as a Buyer or as a Supplier.
Our data processing activities are primarily governed by the QFC Data Protection Regulations 2021. We also adhere to the State of Qatar’s Personal Data Protection Law No. 13 of 2016 (PDPPL) and other applicable international regulations such as the General Data Protection Regulation (GDPR) where our Services are offered to individuals in those regions.
2. Our Role: Data Controller vs. Data Processor
For “User Data” (e.g., account registration information, business contact details), Wady acts as a Data Controller, meaning we determine the purposes and means of processing.
For “Client Data” (information our Clients upload to the Services for their own business purposes), Wady acts as a Data Processor on behalf of the Client.
This Policy primarily concerns our activities as a Data Controller. Our obligations as a Data Processor are defined in our Data Processing Addendum with our Clients.
3. Information We Collect
We adhere to the principle of data minimization, collecting only the Personal Data that is necessary to provide our Services, operate our business, and comply with our legal obligations. We collect information in three ways:
3.1 Information You Provide to Us
When you create an account, set up your business profile, add team members, or use our Services, you may provide us with the following categories of information:
Data Category
Examples
Why We Collect It (Legal Basis)
Account & Identity Data
Full name, phone number, email address, account credentials, account type
To create and manage your account, verify your identity, and provide the Services. (Performance of a Contract)
Business & Organization Data
Business name, commercial registration number, business address and location details, brand information
To onboard your business, manage your organization structure, and facilitate ordering between Buyers and Suppliers. (Performance of a Contract)
Team Member Data
Names, phone numbers, and assigned roles of team members added by account administrators
To enable multi-user access and role-based permissions within your organization’s account. (Performance of a Contract; Legitimate Interest)
Order & Transaction Data
Product selections, quantities, order dates, delivery preferences, order status, and related purchase documentation
To facilitate order placement, management, and fulfillment between Buyers and Suppliers. (Performance of a Contract)
Contact & Coordination Data
Delivery recipient names, phone numbers, and email addresses provided for order coordination purposes
To enable communication and coordination between Buyers and Suppliers regarding order fulfillment. (Performance of a Contract)
Communications Data
Messages, files, and attachments sent through the Platform’s messaging features; support tickets and feedback
To enable in-platform communication between Users and to provide customer support. (Performance of a Contract; Legitimate Interest)
Uploaded Content
Photos, documents, logos, and other files you upload to the Platform
To support order verification, dispute resolution, and business profile customization. (Performance of a Contract; Legitimate Interest)
3.2 Information We Collect Automatically
When you use our Platform, we automatically collect certain technical information:
Data Category
Examples
Why We Collect It (Legal Basis)
Device & Technical Data
Device type, operating system, app version, browser type, IP address, login timestamps, session data
To secure the Platform, diagnose technical issues, and improve performance. (Legitimate Interest)
Usage Data
Pages visited, features used, interaction patterns, and time spent on the Platform
To understand how Users interact with the Platform and improve the user experience. (Legitimate Interest)
Location Data
Approximate location derived from IP address
To provide localized content and detect suspicious login activity. (Legitimate Interest)
3.3 Information We Derive
We may generate derived or aggregated data from your use of the Platform, such as spending summaries, order trends, and usage analytics. This derived data is used to provide you with insights within the Platform and to improve our Services. Where this data is aggregated and anonymized so that it can no longer identify any individual, it is not subject to this Privacy Policy.
Important Clarifications:
We do not collect “Special Categories” of personal data (e.g., health, race, religion, political opinions, biometric or genetic data) as defined by the QFC Data Protection Regulations 2021 and GDPR.
We do not collect, process, or store any payment card data, bank account details, or financial payment information. Wady does not operate a payment gateway and does not process payments of any kind. All payment arrangements between Buyers and Suppliers are handled exclusively between those parties.
4. Information About Third Parties
When account administrators add team members or order recipients to the Platform, they provide personal data about those individuals (such as names and phone numbers). If you add another individual’s information to the Platform, you represent and warrant that you have obtained the necessary consent or authorization to share that individual’s personal data with Wady, and that you have informed them of this Privacy Policy.
In accordance with Article 15 of the QFC Data Protection Regulations 2021, where we hold personal data about individuals who did not provide it to us directly, those individuals have the same data protection rights as set out in Section 9 of this Policy and may contact us at wecare@thewady.com to exercise those rights.
5. Cookies and Similar Technologies
Strictly Necessary Cookies: Essential for the Platform to function properly, including security, account authentication, and session management. These do not require your consent.
Analytics and Performance Cookies: Help us understand how Users interact with the Platform to improve performance and user experience. We will only use these cookies with your explicit, prior consent.
You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings. Disabling certain cookies may affect the functionality of the Platform.
6. How We Use Your Information
We use your Personal Data for the following purposes:
(a) To provide, operate, and maintain the Platform and Services;
(b) To create and manage your account and your organization’s profile;
(c) To facilitate ordering and communication between Buyers and Suppliers;
(d) To provide customer support and respond to your inquiries;
(e) To send you essential service-related communications (order confirmations, account notifications);
(f) To send you marketing communications, where you have provided separate consent;
(g) To improve, personalize, and develop new features for the Platform;
(h) To ensure the security and integrity of the Platform, including fraud detection;
(i) To generate aggregated analytics and business insights;
(j) To comply with our legal and regulatory obligations.
7. How We Share Your Information
We do not sell your Personal Data. We only share your data in the following circumstances:
With Other Users of the Platform: We share necessary business contact details, order information, and catalog data between Buyers and Suppliers to facilitate the core ordering function of the Service.
With Service Providers: We engage third-party service providers for infrastructure hosting, operational support, and analytics. All service providers are contractually bound to process data only on our instructions and to implement appropriate security measures.
With Legal & Regulatory Authorities: We may disclose your data if required by law or a binding order from a court or competent authority, including the QFC Data Protection Office, the QFC Regulatory Authority, or any other authority with jurisdiction.
In a Business Transaction: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the new entity under equivalent confidentiality obligations. We will notify you of any such transfer.
8. International Data Transfers
Your Personal Data is primarily stored and processed on servers located in the European Union, which is on the QFC Data Protection Office’s list of adequate jurisdictions. Transfers to adequate jurisdictions do not require additional safeguards under Article 23 of the QFC Data Protection Regulations 2021.
Where we need to transfer data to jurisdictions not on the QFC’s adequate jurisdictions list, we ensure your data is protected by implementing legally approved safeguards, such as the QFC’s Standard Contractual Clauses (SCCs), in accordance with Article 24 of the Regulations.
9. Data Security
We have implemented robust technical and organizational security measures to protect your Personal Data, in accordance with Article 29 of the QFC Data Protection Regulations 2021. These include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection obligations.
No system is impenetrable, and we cannot guarantee absolute security. In the event of a security incident, we will follow the breach notification procedures set out in Section 13 of this Policy.
10. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected. The following retention periods apply:
Active Account Data: Duration of the active business relationship plus two (2) years after account closure or last activity.
Order and Transaction Records: Seven (7) years from the date of the transaction, in accordance with Qatari commercial record-keeping requirements.
Technical and Usage Data: Ninety (90) days for security monitoring and troubleshooting, after which data is deleted or anonymized.
Marketing Consent Records: Duration of active consent plus three (3) years after withdrawal, to demonstrate compliance.
Communications and Support Data: Three (3) years after resolution of the inquiry.
When data is no longer required, we securely delete or irreversibly anonymize it.
11. Your Data Protection Rights
Under the QFC Data Protection Regulations 2021 and other applicable laws, you have the following rights:
Right to Access (Article 16): Request a copy of the Personal Data we hold about you.
Right to Rectification (Article 17): Request correction of any inaccurate or incomplete data.
Right to Erasure (Article 18): Request deletion of your Personal Data, under certain conditions.
Right to Object (Article 19): Object to processing based on Legitimate Interest, including an absolute right to object to direct marketing at any time.
Right to Restrict Processing (Article 20): Request that we limit the use of your Personal Data.
Right to Data Portability (Article 21): Request your data in a structured, commonly used, machine-readable format.
Right Regarding Automated Decisions (Article 22): You have the right not to be subject to a decision based solely on automated processing where that decision would have a legal effect on you or otherwise significantly affect you. See Section 12 for details.
How to Exercise Your Rights: Contact our Data Protection Officer at wecare@thewady.com. We will respond within thirty (30) days. If your request is complex, we may extend this by a further sixty (60) days and will inform you of the extension and reasons within the initial thirty-day period.
If we decide not to act on your request, we will inform you of the reasons within thirty (30) days and of your right to lodge a complaint with the QFC Data Protection Office.
We do not charge a fee for processing data subject requests unless they are manifestly unfounded or excessive.
12. Automated Processing
We may use automated technologies, including artificial intelligence, to process and manage data within the Platform. These technologies may be used to improve the accuracy and efficiency of order management, provide business analytics, and enhance the overall user experience.
In accordance with Article 22 of the QFC Data Protection Regulations 2021, where automated processing may produce decisions that significantly affect your business operations, you have the right to:
(a) Request human intervention by a member of the Wady team;
(b) Express your point of view regarding the automated decision;
(c) Contest the outcome of any automated decision.
To exercise these rights, contact wecare@thewady.com. We will respond within thirty (30) days.
We may also generate aggregated, anonymized, or de-identified data from information processed through the Platform. Such data cannot identify any individual User and is not subject to this Privacy Policy.
13. Data Breach Notification
In the event of a Personal Data Breach, as defined by the QFC Data Protection Regulations 2021, Wady will:
(a) Notify the QFC Data Protection Office without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 31 of the Regulations;
(b) Notify affected Data Subjects without undue delay where the breach is likely to result in a high risk to their rights and legitimate interests, using clear and plain language describing the nature of the breach, its likely consequences, and the measures taken to address it;
(c) Document all breaches, including the facts, effects, and remedial actions taken, to enable the QFC Data Protection Office to verify compliance.
Where Wady acts as a Data Processor, we will notify the relevant Data Controller without undue delay after becoming aware of a breach affecting their data.
14. Children’s Privacy
Our Service is intended for use by business professionals aged 18 and over. We do not knowingly collect Personal Data from anyone under 18. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it.
15. Updates to This Policy
We may update this Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting a prominent notice on our Platform or by email at least thirty (30) days before the change takes effect. Your continued use of the Service after changes constitutes acceptance of the updated Policy.
16. Contact Us & Dispute Resolution
For any questions, concerns, or to exercise your data protection rights, please contact our Data Protection Officer:
Wady LLC
Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
Email: wecare@thewady.com
Phone: +974 7000 7658
As a QFC entity, our lead supervisory authority is the QFC Data Protection Office. If you are unsatisfied with our resolution of a data protection matter, you have the right to lodge a complaint with the QFC Data Protection Office in accordance with Article 34 of the QFC Data Protection Regulations 2021. The QFC Data Protection Office can be reached via www.qfc.qa/data-protection.
If you are based in the European Economic Area, you may also contact your local data protection authority.
© 2026WADY LLC. All rights reserved.
Qatar Financial Centre • Registration Number: 03228
Office No. 8, Floor No. 1, QFC Tower 1, Doha – Qatar
wecare@thewady.com | +974 7000 7658