1. Introduction
Baaza FZ LLC ("Baaza," "we," "us," or "our") operates the usebaaza.com website (the "Site") and related mobile application (the "App"), which together function as a marketplace connecting users with movers, shipping providers, and related logistics services (collectively, the "Services"). This Privacy Policy (the "Policy") explains how we collect, use, disclose, and safeguard personal data when you interact with our Services.
It also outlines your choices and rights regarding Personal Information (data that identifies or can identify an individual) and how to contact us.
For the purposes of the UAE PDPL, the EU GDPR, and the UK GDPR, Baaza FZ LLC acts as the Data Controller of the personal data processed through the Site and App. We determine how and why your personal data is collected and used when you access or interact with our Services. Movers, shipping companies, and other logistics providers available through our marketplace act as independent controllers for the personal data they receive in order to provide their services, and are responsible for their own compliance with data-protection obligations.
Please read this Policy carefully before using our Services or accessing the Site or App. By accessing or using the Site, the App, or any of our Services, you acknowledge that you have read, understood, and agree to this Policy. For any questions, please contact support@usebaaza.com.
2. Information We Collect
We collect personal data directly from you, automatically through your use of our sites or apps, and from third parties, as permitted by law.
2.1 Information necessary to deliver our services
Identity & Profile: Company name, trade license number, authorized representative names; where required by law, passport/ID details or similar identifiers.
Contact: Email, phone number, messaging accounts (if any), business address.
Billing & Financial Data: Transaction-related financial information, including payment status, amounts, invoices, and receipts. We do not store payment card details; all card payments are processed by secure, third-party payment service providers. Where applicable, this may include limited bank or payout details necessary to remit funds.
Service Records: Details of services you subscribe to or purchase, including invoices, receipts, and any agreements.
2.2 Information collected automatically
We collect technical and usage information, IP address, device/browser type, on-site actions, crash logs, and approximate location, via cookies or similar technologies. For details, see our Cookie Policy. We use this data for functionality, analytics, security, and service improvement.
2.3 Information you choose to provide
You may voluntarily provide information such as business preferences, feedback, survey responses, or other notes when contacting us by email, phone, or other channels. This includes communications records for support and complaints.
2.4 Information from third parties
We may receive additional data from sign-in providers (e.g., Google), payment processors, identity-verification services, marketing partners, or affiliates. We combine such data with what you provide to deliver our services.
3. How We Use Information
We process personal data only where a lawful basis applies. The purposes and corresponding legal bases are described below.
Provide and manage Services (Contractual necessity / Legitimate interests): We use identity, contact, billing and service records to create and administer accounts, verify identity, match shippers and movers, process payments and deliver marketplace services.
Communications (Contractual necessity / Legitimate interests): We use your contact details to send confirmations, invoices, pick-up and drop-off information, changes to our services, and other transactional or support messages.
Account management (Contractual necessity / Legitimate interests): We use your data to provide account access, enforce our Terms of Service, and notify you about changes.
Customer support (Legitimate interests): We use identity, contact and communications data to troubleshoot issues, respond to enquiries and resolve complaints.
Marketing (Consent / Legitimate interests): With your consent where required by law, we may send you promotional updates, personalised offers and surveys via email, SMS or other channels. You can withdraw consent or opt out of marketing at any time by following the instructions in our messages or contacting support@usebaaza.com.
Analytics and improvement (Legitimate interests): We analyse usage data to understand how our Site and App are used, evaluate performance, develop new features and improve our Services.
Security and fraud prevention (Legal obligations / Legitimate interests): We process data to detect and prevent fraud, enforce our agreements and comply with legal obligations (e.g. anti-money-laundering requirements).
Aggregated statistics (Legitimate interests): We may anonymise or pseudonymise personal data to create aggregated statistics that do not identify you. We use aggregated information to analyse trends, plan product improvements and prepare reports.
Automated decision-making: We may use automated systems (such as credit or risk-scoring algorithms) to help determine whether to approve an account or identify potentially fraudulent activity. These decisions can impact your ability to use our Services. You have the right to obtain information about the logic involved, to express your viewpoint, to contest the decision, and to request human intervention in respect of such decision.
4. When We Process Information (Legal Bases)
We rely on:
Contractual necessity: To fulfill our contract with you (e.g., delivering services).
Consent: For optional uses (e.g., marketing, non-essential cookies); you can withdraw consent at any time.
Legal obligations: To comply with applicable law (e.g., tax, AML/KYC requirements).
Legitimate interests: For purposes such as service improvement, security, reporting, and defending legal claims. We balance these interests against your rights and freedoms.
5. How We Disclose Information
We may share your data with the following categories of recipients:
Service providers: Companies that perform functions on our behalf, such as hosting, payment processing, communications, identity verification, analytics, marketing and IT support, under confidentiality agreements.
Authorities: Public authorities, law-enforcement agencies or regulators where required by law or in connection with legal claims.
Marketing/advertising partners: With your consent where required, we may share limited data for interest-based advertising or audience matching. We honour your choices and comply with platform rules and privacy laws.
Group companies: Entities within our corporate group for internal administration, consolidated reporting and support.
Business transfers: In the event of a merger, acquisition or sale of assets, personal data may be transferred subject to applicable laws.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described above or to comply with legal obligations. Generally, this means:
Active accounts: We keep your data while your account remains active and you continue to use our Services.
After account closure: We retain identity, contact, service and transaction records for up to five years after closure to comply with our legal obligations (e.g. tax, anti-money-laundering) and to defend legal claims.
Legal requirements: We may retain certain data longer if required by applicable laws, regulations or to address legal proceedings, fraud or security incidents.
Aggregated/anonymised data: We may retain anonymised or aggregated data indefinitely because it does not identify individuals.
Consent: Where we process personal data on the basis of your consent (e.g., for receiving marketing communications or enabling non-essential cookies), we retain that data until you withdraw your consent or the data is no longer necessary for the stated purpose. After withdrawal, we may retain a minimal record of your consent and its withdrawal in order to demonstrate compliance with the applicable legal obligations. More information on the retention period of each cookie placed on our Site may be accessed on our Cookie Policy.
7. Your Privacy Rights
Subject to your jurisdiction and nationality, you may have the right to:
Access personal data we hold and receive information about processing.
Rectify inaccurate or incomplete data.
Erase personal data in certain cases (subject to legal exemptions).
Restrict processing in specific circumstances.
Object to processing based on legitimate interests or to direct marketing.
Portability of data you provided in a structured, commonly used, machine-readable format.
Not be subject to solely automated decisions: Request human intervention
Under the UAE PDPL, you also have rights to receive detailed processing information, transfer data, restrict or stop processing, and object to automated processing. To exercise any of these rights, contact support@usebaaza.com. We may ask you to verify your identity. We aim to respond to access requests within one (1) month of receiving complete information. In complex cases or where we require additional details to identify your records, the one-month period may be paused (known as a "stop the clock" rule) until we receive the necessary information. We may extend the response period by up to two additional months if your request is complex, and will inform you of any extension and reasons. Complaints can be lodged with your local data protection authority. Baaza does not sell personal information for monetary or other valuable consideration. We share data only as described in this Policy.
If you have concerns about how we process your personal data, you may contact us at any time at support@usebaaza.com. We will acknowledge receipt of your complaint within two (2) business days and aim to provide a full response within one (1) month. If your complaint is complex, we may extend this period by up to two additional months, and will inform you of the extension and the reasons for it. You also have the right to lodge a complaint with your local data-protection authority.
8. Security & Incident Response
We implement appropriate organizational and technical safeguards, encryption, access controls, secure storage, staff confidentiality, and monitoring, to protect personal information against accidental or unlawful destruction, loss, alteration, disclosure, or access. If a data breach occurs, we will notify you and relevant authorities where legally required.
9. Interest-Based Advertising
We (and third-party partners) may use cookies/identifiers to understand activity over time and across sites/devices to tailor ads. This may include pages viewed, timestamps, referral URLs, and device/browser identifiers (including IP address).
Non-essential cookies are used only with your consent; you can withdraw it anytime via our cookie banner/preferences or your browser settings.
If you provide your email, we may use a hashed (obfuscated) version for audience matching. Our use of Gmail APIs complies with Google's Limited Use Requirements.
See our Cookie Policy for details on technologies and retention.
10. Communications from Baaza
Transactional communications (such as service confirmations, invoices and support notifications) are necessary to perform our contract with you and cannot be opted out of. For promotional communications (e.g. newsletters, discounts or surveys), we will send such messages only with your consent where required. You may manage your preferences or withdraw consent at any time through the unsubscribe link in our emails or by contacting support@usebaaza.com.
With your explicit consent, we may send marketing messages about promotions, discounts, and updates. You can manage preferences or withdraw consent anytime via the message instructions or support@usebaaza.com. Where permitted, we may contact you about services similar to previous purchases; you can always opt out.
11. Opting Out of Third-Party Collection
Ad partners may use cookies, web beacons, or similar technologies to measure ad performance. You may opt out via the links provided in our Cookie Policy or by adjusting your browser settings. Baaza complies with Apple and Google's policies: non-essential data collection is disclosed and user choices are respected
12. Mobile App Store Disclosures (Apple App Store & Google Play)
Our App complies with the privacy requirements of the Apple App Store and Google Play Data Safety program. We provide clear disclosures to Apple and Google regarding:
the categories of data collected,
the purposes for which the data is used,
whether data is linked to you,
whether data is used for tracking,
whether data collection is optional or required for core functionality.
Any data collection or permissions displayed in the App Store or Google Play listing reflect the actual behaviour of our App. If our data practices change, we will update both this Policy and our store disclosures.
Users can view these disclosures directly on our App Store and Google Play product pages.
13. Third-Party Sites
Our Services may link to external websites with their own privacy practices. We are not responsible for these practices and encourage you to review their policies directly.
14. Cross-Border Data Transfers
We may transfer personal data outside your country, including to and from the UAE. When transferring from the EU or UK, we use appropriate safeguards such as Standard Contractual Clauses. Under the UAE PDPL, we follow Articles 22–23 for cross-border processing. If required, we will inform you of specific mechanisms used.
15. Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. We will indicate the effective date and provide notice where legally required.
16. Contact Us
Questions, requests, or complaints regarding this Policy can be directed to:
Email: support@usebaaza.com
Postal: Baaza FZ LLC – Privacy Office, VUNE0169, Compass Building – Al Hulaila, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, UAE.