Last Updated May 2025
Data Processing Agreement
This Data Processing Agreement (“Agreement”) is made between PowerUP Solutions PTE. LTD. (hereinafter “Controller”) and PowerUP Electrical & Electronic Appliances Rental L.L.C. (hereinafter “Processor”).
Clause 1
General Provisions
1.1 These Clauses are intended to facilitate the lawful export of Personal Data to the Controller through the Processor when data subjects file requests to the Processor regarding the usage of the PowerUP mobile application (“App”) in accordance with the Terms of Use and Privacy Policy.
1.2 The Processor generally does not process any users’ personal data that is collected through the App and processed by the Controller, but it, as the local owner of the PowerUP infrastructure, can receive some requests from data subjects from time to time. This Agreement shall set up rules of interaction in case of such requests in accordance with UAE legislation, including, but not limited to Personal Data Protection Law No. 45 of 2021, The Central Bank and the Organization of Financial Institutions and Activities Law No. 14 of 2018 (“the Central Bank Law”), Federal Law by Decree No. 3 of 2003 Regarding the Organization of the Telecommunications Sector, or any other laws or by-laws.
1.3 This Agreement sets out appropriate safeguards, including enforceable Data Subject rights and effective legal remedies, pursuant to applicable laws with respect to data transfers from Processor to Controller.
1.4 This Agreement is a part of the general agreement between the parties and exists as long as the main agreement is effective.
Clause 2
Data transfers
2.1 The Processor warrants that it has used reasonable efforts to determine that the Controller is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under this Agreement. Data should be transferred only for the purposes of fulfilling the obligation to collect and process data subjects’ requests and provide replies on them.
2.2 The Processor will make its best to collect and receive as little personal data as possible.
2.3 Instructions:
(a) The Processor will process the personal data only on documented instructions from the Controller.
(b) The Processor will immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe the applicable legislation.
(c) The Controller will refrain from any action that would prevent the data exporter from fulfilling its obligations under the applicable legislation, including as regards cooperation with competent Supervisory Authorities.
(d) After the end of the provision of the Processing services, the Processor will, at the choice of the data importer, delete all personal data processed on behalf of the Controller and certify to the Controller that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
2.4 Security of processing:
(a) The Parties will implement appropriate technical and organizational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access (“Personal Data Breach”). In assessing the appropriate level of security, they will take due account of the costs of implementation, the nature of the personal data, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymization, including during transmission, where the purpose of processing can be fulfilled in that manner.
(b) The data exporter will assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a Personal Data Breach concerning the personal data processed by the data exporter under this Agreement, the data exporter will notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
(c) The Processor will ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.5 Documentation and compliance:
(a) The Parties will be able to demonstrate compliance with this Agreement.
(b) The Processor will make available to the data importer all information necessary to demonstrate compliance with its obligations under this Agreement and allow for and contribute to audits.
Clause 3
Scope of processed data
3.1 Maximum scope of processed personal data under this Agreement includes: Name, E-mail address, Phone number.
3.2 If the Processor receives some data exceeding the list above, it should delete it with appropriate notification of the data subject about such destruction.
3.3 The Controller replies to the request by itself, sending the reply directly to the data subject using the e-mail address from the request.