Privacy Policy

This Privacy Policy describes how 55 North FZCO ("55°North", "we", "us", or "our"), a free zone company incorporated in the Dubai Multi Commodities Centre (DMCC), United Arab Emirates, collects, uses, stores, and protects personal data in connection with our website at www.55north.ae (the "Website") and our marine fuel procurement and related services.

We are committed to handling personal data responsibly and in compliance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and, where applicable to individuals located in the European Economic Area, the EU General Data Protection Regulation ("GDPR").

1. Data Controller

The data controller responsible for your personal data is:

55 North FZCO
Unit No. 4567, DMCC Business Centre
Level 1, Jewellery & Gemplex 3
Dubai, United Arab Emirates
Email: [email protected]

2. Personal Data We Collect

We collect personal data in the following circumstances:

• Contact and inquiry submissions: When you submit an inquiry through our contact form or contact us directly by email, we collect your name, company name, job title, email address, telephone number, and the content of your message.
• Counterparty onboarding: When you or your organisation engages 55°North as a commercial counterparty, we collect corporate and individual identification documentation as required by our KYC/KYB procedures, including names, identification documents, beneficial ownership information, and professional contact details.
• Website usage data: We collect limited technical data when you visit our Website, including IP address, browser type and version, operating system, pages visited, time and date of access, and referring URL. This data is collected through server logs and, where applicable, analytics tools.
• Communications: We retain records of commercial communications, including emails and written correspondence, in connection with transactions and business relationships.

We do not collect sensitive personal data (such as health data, biometric data, or data revealing racial or ethnic origin) in the ordinary course of our business.

3. How We Use Personal Data

We use personal data for the following purposes:

• To respond to inquiries and provide information about our services.
• To conduct counterparty onboarding, including KYC/KYB verification and sanctions screening.
• To execute and manage marine fuel procurement transactions and related services.
• To issue invoices, manage credit facilities, and process payments.
• To comply with applicable legal, regulatory, and sanctions compliance obligations.
• To maintain transaction records and documentation archives as required by applicable law.
• To monitor and improve the performance and security of our Website.
• To communicate with existing counterparties and clients about services, operational matters, and regulatory developments relevant to their business.

We do not use personal data for unsolicited marketing to individuals who have not consented to receive such communications, and we do not sell personal data to third parties.

4. Legal Basis for Processing

Where the GDPR applies, we process personal data on the following legal bases:

• Contract performance: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR). This applies to counterparty onboarding, transaction execution, and invoicing.
• Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) GDPR). This applies to KYC/KYB requirements, sanctions screening, and regulatory record-keeping.
• Legitimate interests: Processing is necessary for the purposes of our legitimate interests, except where those interests are overridden by your interests or fundamental rights (Article 6(1)(f) GDPR). This applies to responding to inquiries, maintaining business records, website analytics, and communicating with existing counterparties about relevant services.
• Consent: Where we rely on consent as a legal basis (for example, for optional marketing communications), you have the right to withdraw consent at any time by contacting us at [email protected].

Under the UAE PDPL, we process personal data on the basis of contractual necessity, legal obligation, and legitimate business purposes as applicable.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, and contractual obligations. Our standard retention periods are as follows:

• Contact form submissions and pre-contractual inquiries: Three (3) years from the date of last contact, unless a commercial relationship is established.
• Counterparty onboarding and KYC/KYB records: Five (5) years from the end of the commercial relationship, or longer where required by applicable anti-money laundering or sanctions regulations.
• Transaction records and commercial correspondence: Seven (7) years from the date of the relevant transaction, in accordance with standard commercial record-keeping requirements.
• Website usage data: Twelve (12) months from the date of collection, unless required for security investigations.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

6. Data Sharing and Disclosure

We do not sell personal data. We may share personal data in the following circumstances:

• Service providers: We share personal data with third-party service providers who assist us in operating our business, including IT infrastructure providers, cloud storage providers, KYC/sanctions screening providers, and professional advisers. All service providers are required to process personal data only on our instructions and in accordance with appropriate data processing agreements.
• Suppliers and port agents: In connection with the execution of a Stem, we may share vessel and operational details (including vessel name, IMO number, and delivery requirements) with Suppliers and port agents as necessary to coordinate delivery.
• Legal and regulatory disclosure: We may disclose personal data where required by applicable law, court order, or regulatory authority, including for the purposes of sanctions compliance, anti-money laundering obligations, or tax reporting.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the relevant acquiring entity, subject to equivalent data protection obligations.

7. International Data Transfers

55°North is based in the UAE. Where we transfer personal data to recipients located outside the UAE or the EEA, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by the relevant data protection authority, or reliance on an adequacy decision where applicable.

Transfers of personal data to our service providers may involve transfers to countries outside the UAE or EEA. We assess each transfer on its merits and apply appropriate safeguards in accordance with applicable data protection law.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption of data in transit and at rest, regular security assessments, and staff training on data protection obligations.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable data protection law.

9. Your Rights

Depending on applicable law, you may have the following rights in respect of your personal data:

• Access: The right to request a copy of the personal data we hold about you.
• Rectification: The right to request correction of inaccurate or incomplete personal data.
• Erasure: The right to request deletion of your personal data, subject to applicable legal and regulatory retention obligations.
• Restriction: The right to request that we restrict the processing of your personal data in certain circumstances.
• Data portability: The right to receive your personal data in a structured, commonly used, and machine-readable format (where processing is based on consent or contract and carried out by automated means).
• Objection: The right to object to processing based on legitimate interests, including for direct marketing purposes.
• Withdrawal of consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. We may require verification of your identity before processing your request.

If you are located in the EEA, you also have the right to lodge a complaint with your local data protection supervisory authority.

10. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to support website functionality and to collect analytics data about how visitors use the Website. The following categories of cookies are used:

• Strictly necessary cookies: Required for the Website to function. These cannot be disabled.
• Analytics cookies: Used to collect aggregated, anonymised data about Website usage to help us improve performance and user experience. These are only set where you have provided consent.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory requirements. The current version will always be available on this page, with the effective date updated accordingly. We encourage you to review this policy periodically. Where changes are material, we will take reasonable steps to notify affected individuals.

12. Contact

For data protection queries, requests to exercise your rights, or concerns about how we handle your personal data, please contact:

55 North FZCO — Data Protection
Email: [email protected]
Unit No. 4567, DMCC Business Centre
Level 1, Jewellery & Gemplex 3
Dubai, United Arab Emirates